Hi, sorry for my bad english! my system: suse linux 10 Squid Cache: Version 2.5.STABLE10 samba (smbd) Version 3.0.20b-3.1-SUSE wbinfo_group.pl is patched with http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE12-wbinfo_group.patch. I'm trying to get the authentication by the ADS 2003 server. I generate a group called PROXYALLOW. the user gmktest is in this group. my squid.conf: Code: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --debug-level=10 auth_param ntlm children 30 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param ntlm use_ntlm_negotiate off external_acl_type wbinfo_group ttl=5 children=30 %LOGIN /usr/sbin/wbinfo_group.pl acl INET_FULLACCESS external wbinfo_group PROXYALLOW http_access allow INET_FULLACCESS There is no error with wbinfo_group.pl. I mofified wbinfo_group.pl, so I can see whats happening when squid does his job. All the debug output are written in a file. But ther is something wrong with squid.when I open the IE and open a URL. Squid gets the request but it dosen't give an answer back to the IE. The IE waits and waits ..... here are my logs: cache.log: Code: 2006/04/07 10:05:25| aclMatchExternal: wbinfo_group user not authenticated (-1) 2006/04/07 10:05:25| The request GET http://www.hallo.de/ is DENIED, because it matched 'INET_FULLACCESS' 2006/04/07 10:05:25| storeEntryValidLength: 285 bytes too big; '850B7CCB7D1B3DDE6366247CDFD362FF' 2006/04/07 10:05:25| aclMatchExternal: wbinfo_group user not authenticated (-1) 2006/04/07 10:05:25| aclMatchExternal: wbinfo_group user not authenticated (-1) 2006/04/07 10:05:25| The request GET http://www.hallo.de/ is DENIED, because it matched 'INET_FULLACCESS' 2006/04/07 10:05:25| storeEntryValidLength: 350 bytes too big; '6E4786733558412DBE239D72C85B01DB' 2006/04/07 10:05:25| clientReadRequest: FD 52: no data to process ((11) Resource temporarily unavailable) 2006/04/07 10:05:25| aclMatchExternal: wbinfo_group user not authenticated (-1) [2006/04/07 10:05:25, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606) Got user=[GMKTEST] domain=[DOMAIN] workstation=[IT-VM-B] len1=24 len2=24 [2006/04/07 10:05:25, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2006/04/07 10:05:25, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x00000216 2006/04/07 10:05:25| authenticateAuthUserRequestSetIp: user 'gmktest' has been seen at a new IP address (192.168.100.73) 2006/04/07 10:05:25| aclMatchExternal: wbinfo_group("gmktest PROXYALLOW") = lookup needed 2006/04/07 10:05:25| externalAclLookup: lookup in 'wbinfo_group' for 'gmktest PROXYALLOW' 2006/04/07 10:05:25| external_acl_cache_add: Adding 'gmktest PROXYALLOW' = -1 AND here the OUTPUT of my changed wbinfo_group.pl: Code: Got gmktest PROXYALLOW from squid User: -gmktest- Group: -PROXYALLOW- SID: -S-1-5-21-xxxxxx-xxxxxxxx-xxxxxxx-xx02- GID: -1007- Sending OK to squid OUTPUT /var/log/samba/log.wb-DOMAIN Code: [2006/04/07 10:05:25, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(604) [21989]: pam auth crap domain: DOMAIN user: GMKTEST [2006/04/07 10:05:25, 3] nsswitch/winbindd_async.c:winbindd_dual_lookupname(695) [21989]: lookupname DOMAIN+PROXYALLOW [2006/04/07 10:05:25, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(257) rpc: name_to_sid name=DOMAIN\PROXYALLOW [2006/04/07 10:05:25, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(265) name_to_sid [rpc] PROXYALLOW for domain DOMAIN [2006/04/07 10:05:25, 3] nsswitch/winbindd_async.c:winbindd_dual_lookupname(695) [21989]: lookupname DOMAINE+gmktest [2006/04/07 10:05:25, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(257) rpc: name_to_sid name=DOMAINE\gmktest [2006/04/07 10:05:25, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(265) name_to_sid [rpc] gmktest for domain DOMAIN [2006/04/07 10:05:25, 3] nsswitch/winbindd_rpc.c:lookup_usergroups(419) rpc: lookup_usergroups sid=S-1-5-21-xxxxx-xxxxxx-xxxxxxxxx-xxxx [2006/04/07 10:05:25, 3] nsswitch/winbindd_async.c:winbindd_dual_getsidaliases(847) [21989]: getsidaliases [2006/04/07 10:05:25, 3] nsswitch/winbindd_rpc.c:msrpc_lookup_useraliases(497) rpc: lookup_useraliases the user gmktest is in the Where is the problem? thx Goekhan _______________________________________________________________ SMS schreiben mit WEB.DE FreeMail - einfach, schnell und kostenguenstig. Jetzt gleich testen! http://f.web.de/?mc=021192
