+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 19 of 19
*nix Thread, Which Linux distro shall I use for Squid? in Technical; Ahhh evil. I forgot to mention that I managed to get the NTLM working on a mock domain I have ...
  1. #16
    Cragzman's Avatar
    Join Date
    Jan 2008
    Location
    In a cave - Somewhere in Naaaarrrfuk
    Posts
    38
    Thank Post
    7
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Ahhh evil. I forgot to mention that I managed to get the NTLM working on a mock domain I have set up at home with no problems. But when I try and set it up on the school domain, with a few tweaks on the .conf files, I get a login box to the squid box I just set up via IE7. Kinda defeats the object of NTLM authentication methinks.

    I'm probably clutching at staws but maybe it has something to do with the default domain policy in Active Directory?

    My domain kerberos policy:

    Account Policies/Kerberos Policy
    Policy Setting
    Enforce user logon restrictions Enabled
    Maximum lifetime for service ticket 600 minutes
    Maximum lifetime for user ticket 10 hours
    Maximum lifetime for user ticket renewal 7 days
    Maximum tolerance for computer clock synchronization 5 minutes

    NTP is set up correctly so it can't be the clock sync.

    I haven't got any Dansguardian or similar stuff installed yet. Just want to make sure that no login boxes come up.

    Thanks again guys

  2. #17
    Cragzman's Avatar
    Join Date
    Jan 2008
    Location
    In a cave - Somewhere in Naaaarrrfuk
    Posts
    38
    Thank Post
    7
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Ahhh I found this in the cache.log

    Login for user [AYLSHAMHIGH]\[chillebrandt]@[ICT-003] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/run/samba/winbindd_privileged are set correctly.]
    [2008/10/23 12:36:22, 0] utils/ntlm_auth.c:manage_squid_ntlmssp_request(776)
    NTLMSSP BH: NT_STATUS_ACCESS_DENIED

    This could be reason why it's being a pain. Would I somehow need to add all the users to the squid group or something?

    Ta.

  3. #18
    mpe
    mpe is offline

    Join Date
    Nov 2008
    Location
    Exeter
    Posts
    1,103
    Thank Post
    106
    Thanked 65 Times in 57 Posts
    Rep Power
    33
    Quote Originally Posted by torry_loon View Post
    1. I use ident. I think there is a way to get the names from AD.
    Do you know of a version of ident for Windows 2003 which works correctly with with terminal server. The version I have been using, since Windows 95, has a nasty habit of thinking everyone is the first user to log in.

  4. #19
    ahuxham's Avatar
    Join Date
    Apr 2008
    Posts
    1,122
    Thank Post
    76
    Thanked 138 Times in 109 Posts
    Rep Power
    31
    Quote Originally Posted by Cragzman View Post
    Ahhh I found this in the cache.log

    Login for user [AYLSHAMHIGH]\[chillebrandt]@[ICT-003] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/run/samba/winbindd_privileged are set correctly.]
    [2008/10/23 12:36:22, 0] utils/ntlm_auth.c:manage_squid_ntlmssp_request(776)
    NTLMSSP BH: NT_STATUS_ACCESS_DENIED

    This could be reason why it's being a pain. Would I somehow need to add all the users to the squid group or something?

    Ta.
    Easy.

    Check your squid.conf, find the cache effective user. Write the user down.

    Than run:
    Code:
    ls -al /var/run/samba/winbindd_privileged
    it should list root root on the pipe.

    Code:
    chown root:proxy /var/run/samba/winbindd_priveleged/
    Would be easier to modify the winbind startup script, and force the change of user, otherwise every reboot, you need to re chown.
    Last edited by ahuxham; 2nd December 2008 at 09:12 AM.

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Replies: 30
    Last Post: 24th November 2006, 08:33 AM
  2. Best Linux Distro for....
    By danIT in forum *nix
    Replies: 4
    Last Post: 27th September 2006, 03:02 PM
  3. OpenFilter - Linux based SAN distro.
    By Geoff in forum *nix
    Replies: 4
    Last Post: 24th September 2006, 08:47 PM
  4. Choosing a Linux Distro
    By Ric_ in forum *nix
    Replies: 7
    Last Post: 17th October 2005, 01:02 PM
  5. Lightweight Linux distro
    By Ric_ in forum *nix
    Replies: 5
    Last Post: 20th June 2005, 08:55 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •