Hi all, I'm trying to replace ISA with the clearly superior squid and am having some problems getting NTLM authentication working. Squid works, and the box in on our domain after following the following instructions: http://wiki.squid-cache.org/ConfigExamples/WindowsAuthenticationNTLM?highlight=%28ntlm%29 wbinfo -u lists all our users, and manually doing executing ntlm_auth --username=dhope returns success. However, in my cache.log I get: [2007/08/22 10:45:50, 0] utils/ntlm_auth.c:winbind_pw_check(429) Login for user [DOMAIN]\[dhope]@[DAVE-LAPTOP] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/run/samba/winbin dd_privileged are set correctly.] [2007/08/22 10:45:50, 0] utils/ntlm_auth.c:manage_squid_ntlmssp_request(603) NTLMSSP BH: NT_STATUS_ACCESS_DENIED 2007/08/22 10:45:50| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED' At that point, I get an authentication dialog pop up client side. After providing correct details, I then get the following in the log [2007/08/22 10:52:22, 0] utils/ntlm_auth.c:winbind_pw_check(429) Login for user [DOMAIN]\[dhope]@[DAVE-LAPTOP] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/run/samba/winbindd_privileged are set correctly.] 2007/08/22 10:52:22| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED' Ownership of /var/run/samba is root:winbindd_priviledged. I've added the user Squid runs as (proxy) to the group but still get the error. Does anyone have any suggestions as to how i can try and diagnose this problem further? Thanks, Dave
