On Thu, 24 Feb 2011 00:59:58 +0000, Julian Pilfold-Bagwell wrote:
Hi All,
I have a problem with NTLM authentication on squid-2.6.STABLE21-6.el5
on CentOS 5.5.
If I run /usr/bin/ntlm_auth --username=jpb --domain=BGS, it returns
success. Samba (v3.5.6) file sharing works as does winbind's wbinfo
-, wbinfo -g, wbinfo -t so I'm fairly sure that both Samba and winbind
are functioning OK.
If I go to a client and try to visit a website, I get the pop up
credentials box but entering the same credentials as on the ntlm_auth
line above generates the following with the virtual XP being a VM and
the jpb-workstation being a Linux box:
[2011/02/23 22:49:05.671790, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xa2088207
[2011/02/23 22:49:05.674159, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
  Got user=[bgs0001] domain=[BGS] workstation=[VIRTUAL-XP] len1=24 len2=24
[2011/02/23 22:49:05.675008, 3] utils/ntlm_auth.c:598(winbind_pw_check)
  Login for user [BGS]\[bgs0001]@[VIRTUAL-XP] failed due to [Invalid handle]
[2011/02/23 23:03:24.838232, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x00088207
[2011/02/23 23:03:24.845152, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
  Got user=[jpb] domain=[] workstation=[jpb-desktop] len1=24 len2=24
[2011/02/23 23:03:24.845972, 3] utils/ntlm_auth.c:598(winbind_pw_check)
  Login for user []\[jpb]@[jpb-desktop] failed due to [Invalid handle]
[2011/02/23 23:03:40.780692, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x00088207
[2011/02/23 23:03:40.782125, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
  Got user=[jpb] domain=[bgs] workstation=[jpb-desktop] len1=24 len2=24
[2011/02/23 23:03:40.782938, 3] utils/ntlm_auth.c:598(winbind_pw_check)
  Login for user [bgs]\[jpb]@[jpb-desktop] failed due to [Invalid handle]
[2011/02/23 23:05:13.260874, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x00088207
[2011/02/23 23:05:13.262425, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
  Got user=[jpb] domain=[] workstation=[jpb-desktop] len1=24 len2=24
[2011/02/23 23:05:13.263254, 3] utils/ntlm_auth.c:598(winbind_pw_check)
  Login for user []\[jpb]@[jpb-desktop] failed due to [Invalid handle]
Given that using the ntlm_auth command directly succeeds, I'm unsure
as to whether this is a problem with Samba, Squid or the interaction
between the two. I've set the permissions on the winbind privileged
pipe to 750, created a group called winbindd_priv and added the squid
user to that group. There are no messages relating to being unable to
read from the pipe.
There are other people that have had the same problem but nothing
I've looked at has solved it yet. Has anyone else been here?
Ensure that you are using the helper provided by Samba. The one with
the same name provided by Squid is rather broken in modern networks.
If the problem persists it is likely between the client and Samba.
Though Squid can still affect this if connection persistence is failing;
the message then would be about expected token types.
Amos
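Added example, not part of the original thread: a small Python parser for the level-3 ntlm_auth debug output quoted above, which regroups the wrapped records into one entry per authentication attempt and names the bits set in neg_flags. The flag names follow MS-NLMP; the function names are this example's own, and the sample embeds two of the attempts from the post, re-wrapped.

```python
import re

# NTLMSSP negotiate flag bits from MS-NLMP (subset; unknown bits are ignored).
FLAGS = {
    0x1: "UNICODE", 0x2: "OEM", 0x4: "REQUEST_TARGET", 0x10: "SIGN",
    0x20: "SEAL", 0x200: "NTLM", 0x8000: "ALWAYS_SIGN",
    0x80000: "EXTENDED_SESSIONSECURITY", 0x2000000: "VERSION",
    0x20000000: "128", 0x40000000: "KEY_EXCH", 0x80000000: "56",
}
HEADER = re.compile(r"\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+,\s*\d+\]")
NEG = re.compile(r"neg_flags=0x([0-9a-fA-F]+)")
GOT = re.compile(r"Got user=\[(.*?)\] domain=\[(.*?)\] workstation=\[(.*?)\]")
FAIL = re.compile(r"failed due to \[(.*?)\]")

def decode_flags(value):
    """Names of the known flag bits set in value, lowest bit first."""
    return [name for bit, name in sorted(FLAGS.items()) if value & bit]

def parse_attempts(log_text):
    """Group wrapped debug records into one dict per authentication attempt."""
    attempts = []
    for record in HEADER.split(log_text)[1:]:
        record = " ".join(record.split())  # undo mail/terminal line wrapping
        if m := NEG.search(record):
            attempts.append({"flags": int(m.group(1), 16)})  # starts an attempt
        elif attempts and (m := GOT.search(record)):
            attempts[-1].update(zip(("user", "domain", "workstation"), m.groups()))
        elif attempts and (m := FAIL.search(record)):
            attempts[-1]["error"] = m.group(1)
    return attempts

# Constructed sample: two attempts from the post, re-wrapped for brevity.
SAMPLE = r"""[2011/02/23 22:49:05.671790, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0xa2088207
[2011/02/23 22:49:05.674159, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
Got user=[bgs0001] domain=[BGS] workstation=[VIRTUAL-XP] len1=24
len2=24
[2011/02/23 22:49:05.675008, 3] utils/ntlm_auth.c:598(winbind_pw_check)
Login for user [BGS]\[bgs0001]@[VIRTUAL-XP] failed due to [Invalid
handle]
[2011/02/23 23:03:24.838232, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x00088207
[2011/02/23 23:03:24.845152, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
Got user=[jpb] domain=[] workstation=[jpb-desktop] len1=24 len2=24
[2011/02/23 23:03:24.845972, 3] utils/ntlm_auth.c:598(winbind_pw_check)
Login for user []\[jpb]@[jpb-desktop] failed due to [Invalid handle]"""
if __name__ == "__main__":
    for a in parse_attempts(SAMPLE):
        print(a, decode_flags(a["flags"]))
```

Calling decode_flags(0xa2088207 ^ 0x00088207) shows that the XP client additionally set VERSION, 128 and 56; both attempts end in the same Invalid handle error.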