Hi All,
I have a problem with NTLM authentication on squid-2.6.STABLE21-6.el5 on
CentOS 5.5.
If I run /usr/bin/ntml_auth --username=jpb --domain=BGS, it returns
success. Samba (v3.5.6) file sharing works as does winbind's wbinfo -,
wbinfo -g, wbinfo -t so I'm fairly sure that both Samba and winbind are
functioning OK.
If I go to a client and try to visit a website, I get the pop up
credentials box but entering the same credentials as on the ntlm_auth
line above generates the following with the virtual XP being a VM and
the jpb-workstation being a Linux box:
[2011/02/23 22:49:05.671790, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0xa2088207
[2011/02/23 22:49:05.674159, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
Got user=[bgs0001] domain=[BGS] workstation=[VIRTUAL-XP] len1=24 len2=24
[2011/02/23 22:49:05.675008, 3] utils/ntlm_auth.c:598(winbind_pw_check)
Login for user [BGS]\[bgs0001]@[VIRTUAL-XP] failed due to [Invalid
handle]
[2011/02/23 23:03:24.838232, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x00088207
[2011/02/23 23:03:24.845152, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
Got user=[jpb] domain=[] workstation=[jpb-desktop] len1=24 len2=24
[2011/02/23 23:03:24.845972, 3] utils/ntlm_auth.c:598(winbind_pw_check)
Login for user []\[jpb]@[jpb-desktop] failed due to [Invalid handle]
[2011/02/23 23:03:40.780692, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x00088207
[2011/02/23 23:03:40.782125, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
Got user=[jpb] domain=[bgs] workstation=[jpb-desktop] len1=24 len2=24
[2011/02/23 23:03:40.782938, 3] utils/ntlm_auth.c:598(winbind_pw_check)
Login for user [bgs]\[jpb]@[jpb-desktop] failed due to [Invalid handle]
[2011/02/23 23:05:13.260874, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x00088207
[2011/02/23 23:05:13.262425, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
Got user=[jpb] domain=[] workstation=[jpb-desktop] len1=24 len2=24
[2011/02/23 23:05:13.263254, 3] utils/ntlm_auth.c:598(winbind_pw_check)
Login for user []\[jpb]@[jpb-desktop] failed due to [Invalid handle]
Given that using the ntlm_auth command directly succeeds, I'm unsure as
to whether this a problem with Samba, Squid or the interaction between
the two. I've set the permissions on the winbind privileged pipe to
750, created a group called winbindd_priv and added the squid user to
that group. There are no messages relating to being unable to read from
the pipe.
There are other people that have had the same problem but nothing I've
looked at has solved it yet. Has anyone else been here?
Thanks.
Julian
