RE: Squid/Samba authentication with wrong username

Hi Joop,

The krb5.conf:

[logging] 
 default = FILE:/var/log/krb5libs.log 
 kdc = FILE:/var/log/krb5kdc.log 
 admin_server = FILE:/var/log/kadmind.log 
 
[libdefaults] 
 default_realm = NICHIRINTN.COM 
 dns_lookup_realm = false 
 dns_lookup_kdc = false 
 ticket_lifetime = 24h 
 forwardable = yes 
 
[realms] 
 DOMAIN.COM  = { 
  kdc = 10.1.0.207:88 
  admin_server = 10.1.0.207:749 
  default_domain = domain.com 
 } 
 
[domain_realm] 
 .example.com = EXAMPLE.COM 
 example.com = EXAMPLE.COM 
 
[appdefaults] 
 pam = { 
   debug = false 
   ticket_lifetime = 36000 
   renew_lifetime = 36000 
   forwardable = true 
   krb4_convert = false 
 } 

And I receive the following errors (quite lengthy, sorry) when running
the NTLM_AUTH command, as shown:

[root@ntproxy Shane]# /usr/lib/squid/ntlm_auth --username=shane 

/usr/lib/squid/ntlm_auth: invalid option -- - 
unknown option: -?. Exiting 
/usr/lib/squid/ntlm_auth usage: 
/usr/lib/squid/ntlm_auth [-b] [-f] [-d] [-l] domain\controller
[domain\controller ...] 
-b enables load-balancing among controllers 
-f enables failover among controllers (DEPRECATED and always active) 
-l changes behavior on domain controller failyures to last-ditch. 
-d enables debugging statements if DEBUG was defined at build-time. 
 
You MUST specify at least one Domain Controller. 
You can use either \ or / as separator between the domain name  
and the controller name 
/usr/lib/squid/ntlm_auth: invalid option -- u 
unknown option: -?. Exiting 
/usr/lib/squid/ntlm_auth usage: 
/usr/lib/squid/ntlm_auth [-b] [-f] [-d] [-l] domain\controller
[domain\controller ...] 
-b enables load-balancing among controllers 
-f enables failover among controllers (DEPRECATED and always active) 
-l changes behavior on domain controller failyures to last-ditch. 
-d enables debugging statements if DEBUG was defined at build-time. 
 
You MUST specify at least one Domain Controller. 
You can use either \ or / as separator between the domain name  
and the controller name 
/usr/lib/squid/ntlm_auth: invalid option -- s 
unknown option: -?. Exiting 
/usr/lib/squid/ntlm_auth usage: 
/usr/lib/squid/ntlm_auth [-b] [-f] [-d] [-l] domain\controller
[domain\controller ...] 
-b enables load-balancing among controllers 
-f enables failover among controllers (DEPRECATED and always active) 
-l changes behavior on domain controller failyures to last-ditch. 
-d enables debugging statements if DEBUG was defined at build-time. 
 
You MUST specify at least one Domain Controller. 
You can use either \ or / as separator between the domain name  
and the controller name 
/usr/lib/squid/ntlm_auth: invalid option -- e 
unknown option: -?. Exiting 
/usr/lib/squid/ntlm_auth usage: 
/usr/lib/squid/ntlm_auth [-b] [-f] [-d] [-l] domain\controller
[domain\controller ...] 
-b enables load-balancing among controllers 
-f enables failover among controllers (DEPRECATED and always active) 
-l changes behavior on domain controller failyures to last-ditch. 
-d enables debugging statements if DEBUG was defined at build-time. 
 
You MUST specify at least one Domain Controller. 
You can use either \ or / as separator between the domain name  
and the controller name 
/usr/lib/squid/ntlm_auth: invalid option -- r 
unknown option: -?. Exiting 
/usr/lib/squid/ntlm_auth usage: 
/usr/lib/squid/ntlm_auth [-b] [-f] [-d] [-l] domain\controller
[domain\controller ...] 
-b enables load-balancing among controllers 
-f enables failover among controllers (DEPRECATED and always active) 
-l changes behavior on domain controller failyures to last-ditch. 
-d enables debugging statements if DEBUG was defined at build-time. 
 
You MUST specify at least one Domain Controller. 
You can use either \ or / as separator between the domain name  
and the controller name 
/usr/lib/squid/ntlm_auth: invalid option -- n 
unknown option: -?. Exiting 
/usr/lib/squid/ntlm_auth usage: 
/usr/lib/squid/ntlm_auth [-b] [-f] [-d] [-l] domain\controller
[domain\controller ...] 
-b enables load-balancing among controllers 
-f enables failover among controllers (DEPRECATED and always active) 
-l changes behavior on domain controller failyures to last-ditch. 
-d enables debugging statements if DEBUG was defined at build-time. 
 
You MUST specify at least one Domain Controller. 
You can use either \ or / as separator between the domain name  
and the controller name 
/usr/lib/squid/ntlm_auth: invalid option -- a 
unknown option: -?. Exiting 
/usr/lib/squid/ntlm_auth usage: 
/usr/lib/squid/ntlm_auth [-b] [-f] [-d] [-l] domain\controller
[domain\controller ...] 
-b enables load-balancing among controllers 
-f enables failover among controllers (DEPRECATED and always active) 
-l changes behavior on domain controller failyures to last-ditch. 
-d enables debugging statements if DEBUG was defined at build-time. 
 
You MUST specify at least one Domain Controller. 
You can use either \ or / as separator between the domain name  
and the controller name 
/usr/lib/squid/ntlm_auth: invalid option -- m 
unknown option: -?. Exiting 
/usr/lib/squid/ntlm_auth usage: 
/usr/lib/squid/ntlm_auth [-b] [-f] [-d] [-l] domain\controller
[domain\controller ...] 
-b enables load-balancing among controllers 
-f enables failover among controllers (DEPRECATED and always active) 
-l changes behavior on domain controller failyures to last-ditch. 
-d enables debugging statements if DEBUG was defined at build-time. 
 
You MUST specify at least one Domain Controller. 
You can use either \ or / as separator between the domain name  
and the controller name 
/usr/lib/squid/ntlm_auth: invalid option -- e 
unknown option: -?. Exiting 
/usr/lib/squid/ntlm_auth usage: 
/usr/lib/squid/ntlm_auth [-b] [-f] [-d] [-l] domain\controller
[domain\controller ...] 
-b enables load-balancing among controllers 
-f enables failover among controllers (DEPRECATED and always active) 
-l changes behavior on domain controller failyures to last-ditch. 
-d enables debugging statements if DEBUG was defined at build-time. 
 
You MUST specify at least one Domain Controller. 
You can use either \ or / as separator between the domain name  
and the controller name 
/usr/lib/squid/ntlm_auth: invalid option -- = 
unknown option: -?. Exiting 
/usr/lib/squid/ntlm_auth usage: 
/usr/lib/squid/ntlm_auth [-b] [-f] [-d] [-l] domain\controller
[domain\controller ...] 
-b enables load-balancing among controllers 
-f enables failover among controllers (DEPRECATED and always active) 
-l changes behavior on domain controller failyures to last-ditch. 
-d enables debugging statements if DEBUG was defined at build-time. 
 
You MUST specify at least one Domain Controller. 
You can use either \ or / as separator between the domain name  
and the controller name 
/usr/lib/squid/ntlm_auth: invalid option -- s 
unknown option: -?. Exiting 
/usr/lib/squid/ntlm_auth usage: 
/usr/lib/squid/ntlm_auth [-b] [-f] [-d] [-l] domain\controller
[domain\controller ...] 
-b enables load-balancing among controllers 
-f enables failover among controllers (DEPRECATED and always active) 
-l changes behavior on domain controller failyures to last-ditch. 
-d enables debugging statements if DEBUG was defined at build-time. 
 
You MUST specify at least one Domain Controller. 
You can use either \ or / as separator between the domain name  
and the controller name 
/usr/lib/squid/ntlm_auth: invalid option -- h 
unknown option: -?. Exiting 
/usr/lib/squid/ntlm_auth usage: 
/usr/lib/squid/ntlm_auth [-b] [-f] [-d] [-l] domain\controller
[domain\controller ...] 
-b enables load-balancing among controllers 
-f enables failover among controllers (DEPRECATED and always active) 
-l changes behavior on domain controller failyures to last-ditch. 
-d enables debugging statements if DEBUG was defined at build-time. 
 
You MUST specify at least one Domain Controller. 
You can use either \ or / as separator between the domain name  
and the controller name 
/usr/lib/squid/ntlm_auth: invalid option -- a 
unknown option: -?. Exiting 
/usr/lib/squid/ntlm_auth usage: 
/usr/lib/squid/ntlm_auth [-b] [-f] [-d] [-l] domain\controller
[domain\controller ...] 
-b enables load-balancing among controllers 
-f enables failover among controllers (DEPRECATED and always active) 
-l changes behavior on domain controller failyures to last-ditch. 
-d enables debugging statements if DEBUG was defined at build-time. 
 
You MUST specify at least one Domain Controller. 
You can use either \ or / as separator between the domain name  
and the controller name 
/usr/lib/squid/ntlm_auth: invalid option -- n 
unknown option: -?. Exiting 
/usr/lib/squid/ntlm_auth usage: 
/usr/lib/squid/ntlm_auth [-b] [-f] [-d] [-l] domain\controller
[domain\controller ...] 
-b enables load-balancing among controllers 
-f enables failover among controllers (DEPRECATED and always active) 
-l changes behavior on domain controller failyures to last-ditch. 
-d enables debugging statements if DEBUG was defined at build-time. 
 
You MUST specify at least one Domain Controller. 
You can use either \ or / as separator between the domain name  
and the controller name 
/usr/lib/squid/ntlm_auth: invalid option -- e 
unknown option: -?. Exiting 
/usr/lib/squid/ntlm_auth usage: 
/usr/lib/squid/ntlm_auth [-b] [-f] [-d] [-l] domain\controller
[domain\controller ...] 
-b enables load-balancing among controllers 
-f enables failover among controllers (DEPRECATED and always active) 
-l changes behavior on domain controller failyures to last-ditch. 
-d enables debugging statements if DEBUG was defined at build-time. 
 
You MUST specify at least one Domain Controller. 
You can use either \ or / as separator between the domain name  
and the controller name 


Thank you for the help.

Shane

-----Original Message-----
From: J Beris [mailto:J.Beris@xxxxxxxxxxxxx] 
Sent: Thursday, March 13, 2008 10:11 AM
To: Leach, Shane - MIS Laptop
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: RE:  Squid/Samba authentication with wrong username

Hi Shane,
 
> My smb.conf is as follows (constructed based on some walkthroughs 
> available on Internet):

<SNIP>

Looks good to me.
 
> I notice that when I attempt "kinit [username]@[domain]" an interesting
> thing happens.  If I set it as username@DOMAIN it returns no errors...
> But if I use username@domain (lowercase) I receive an error that
> "Cannot find KDC for requested realm while getting initial
> credentials". Could this be part of the problem?

I don't think so. If I remember correctly, Kerberos needs the domain
name to be uppercase, not lower case.

> I could not get the ntlm_auth command to work, as written... Still 
> trying to figure out exactly what should be changed.

Specifically, what happens if you issue that ntlm_auth command?

What is specified in your krb5.conf?

HTH,

Joop
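
One cause of the "Cannot find KDC for requested realm" error quoted in this thread is a realm name that has no exact, case-sensitive match under [realms] while DNS KDC lookup is disabled. The following Python check is an added example, not part of the original messages; parse_krb5 and check_krb5 are hypothetical helper names, and the sample input is constructed from the realm names as they appear in the posted krb5.conf.

```python
import re

# Constructed input: realm names copied as they appear in the posted krb5.conf.
SAMPLE = """
[libdefaults]
 default_realm = NICHIRINTN.COM
 dns_lookup_kdc = false
[realms]
 DOMAIN.COM = {
  kdc = 10.1.0.207:88
 }
[domain_realm]
 .example.com = EXAMPLE.COM
"""

def parse_krb5(text):
    """Return (libdefaults dict, realm names, domain_realm dict)."""
    section, depth = None, 0
    libdefaults, realms, domain_realm = {}, set(), {}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header and depth == 0:
            section = header.group(1)
        elif line == "}":
            depth -= 1
        else:
            key, _, value = (part.strip() for part in line.partition("="))
            if depth == 0 and section == "libdefaults":
                libdefaults[key] = value
            elif depth == 0 and section == "realms" and value == "{":
                realms.add(key)
            elif depth == 0 and section == "domain_realm":
                domain_realm[key] = value
            depth += value.endswith("{")
    return libdefaults, realms, domain_realm

def check_krb5(text):
    """List realm references that this file cannot resolve to a KDC."""
    libdefaults, realms, domain_realm = parse_krb5(text)
    dns_off = libdefaults.get("dns_lookup_kdc", "").lower() in ("false", "no", "off", "0")
    refs = [("default_realm", libdefaults.get("default_realm", ""))]
    refs += [("domain_realm " + d, r) for d, r in domain_realm.items()]
    by_lower = {r.lower(): r for r in realms}
    problems = []
    for source, realm in refs:
        if realm in realms:
            continue
        if realm.lower() in by_lower:   # realm names are case-sensitive
            problems.append(f"{source}: {realm} should be {by_lower[realm.lower()]}")
        elif dns_off:                   # no DNS SRV fallback to find a KDC
            problems.append(f"{source}: {realm} has no [realms] entry")
    return problems
```
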



