Hi, At 18.28 04/07/2006, Darren Worrall (Eclipse) wrote:
Hi guys, I'm having trouble with the mswin_check_lm_group.exe helper program under SquidNT 2.6. The relevant portion of my config is below: ===================================================================== auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe auth_param ntlm children 5 auth_param ntlm use_ntlm_negotiate on auth_param ntlm keep_alive on auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes external_acl_type win_domain_group %LOGIN c:/squid/libexec/mswin_check_lm_group.exe -G -d acl localnet proxy_auth REQUIRED src 172.30.0.0/16 172.29.0.0/16 acl InetAllow external win_domain_group Internet_Users http_access allow InetAllow ====================================================================== The NTLM auth stuff is working fine, but whenever I try and make a connection now, I get the following in my logs: ====================================================================== /mswin_check_lm_group.exe[376]: Got 'domainname%5cdaz Internet_Users' from Squid (length: 29). /mswin_check_lm_group.exe[376]: Valid_Global_Groups: checking group membership of 'domainname\domainname%5cdaz'. /mswin_check_lm_group.exe[376]: Using '\\DCSERVER' as DC for 'domainname' local domain. /mswin_check_lm_group.exe[376]: Using '\\DCSERVER' as DC for 'domainname' user's domain. /mswin_check_lm_group.exe NetUserGetGroups() failed.' ====================================================================== It appears that the domain name is being passed twice (second line), though I don't know if that's relevant. Any tips?
This is correct, "local domain" is the machine domain, while " user's domain" is user domain, not always the same ....
Try testing the helper from the command line. And, "Pre-Windows 2000-compatible Access" is enabled in your domain ? Regards Guido - ======================================================== Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: guido.serassio@xxxxxxxxxxxxxxxxx WWW: http://www.acmeconsulting.it/
