Ok, I don't think I have ever had to install something that is as frustrating as this. I have installed another "blank" box and completed the following steps: 1. Compiled and installed applications. Setup krb5 ./autogen.sh apt-get install libldap2-dev ./configure --enable-ntlm-auth-helpers="winbind,SMB" --enable-external-acl-helpers="unix_group,wbinfo_group" --enable-auth="ntlm,basic" --with-winbind-auth-challenge --with-samba-sources="/opt/samba-3.0.28a/source" --enable-basic-auth-helpers="winbind" --with-winbind --with-winbind-auth-challenge --with-ads net ads join -U administrator -S alpha.emcc.edu apt-get install libssl-dev apt-get install libsasl2-dev ./configure --enable-epoll --with-openssl= --enable-snmp --enable-removal-policies=heap,lru --enable-storeio=aufs,coss,diskd,null,ufs --enable-ssl --enable-delay-pools --enable-linux-netfilter --with-pthreads --enable-ntlm-auth-helpers=SMB,fakeauth --enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group --enable-auth=basic,digest,ntlm --enable-digest-auth-helpers=password --with-winbind-auth-challenge --enable-useragent-log --enable-referer-log --disable-dependency-tracking --enable-cachemgr-hostname=localhost --enable-underscores --enable-basic-auth-helpers=LDAP,MSNT,NCSA,,SMB,YP,getpwnam,multi-domain -NTLM,SASL --enable-cache-digests --enable-ident-lookups --with-large-files --enable-follow-x-forwarded-for 2. This time I changed the /usr/local/samba/bin/ntlm_auth to run as root using chmod, just to make sure it has rights. 3. Created a squid user and a service group. I made squid and the service group the owner of both the squid and samba folders in the /usr/local. 4. wbinfo -t -g u all do what they are supposed to and ntlm_auth at the command prompt works correctly. 5. start squid and point a webbrowser at an address and it says Cache Access Denied, Sorry, you are not currently allowed to request: http://www.msn.com from this cache until you have authenticated yourself. I am not being prompted for any login info on machines that are not part of the domain so it is like squid is not even asking the browser to authenticate its self. In the log files it says TCP_DENIED/407 2672 Get http://www.msn.com/ ..... There are no errors in the cache.log file and the store.log file just has an entry about http://www.msn.com -----Original Message----- From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] Sent: Thursday, March 20, 2008 5:38 PM To: Martin, Jeremy Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: ntlm_auth seems to have losts it mind On Wed, 2008-03-19 at 23:49 -0400, Martin, Jeremy wrote: > Ok, #1 should be all set wbinfo -t -g -u all work correctly #2,3 should > be all set (did not work so I went as far as making the squid user and > squid group owner of the folder and all the children and assigning 777 > for the permissions, just to make sure) Samba will reject the directory if you use 777 I think. Permissions on the directory should be 750 or 710. Regards Henrik -- This message was scanned by ESVA and is believed to be clean. Click here to report this message as spam. http://spam.emcc.edu/cgi-bin/learn-msg.cgi?id=C23AB27B94.A364C
