*nix Thread, Which Linux distro shall I use for Squid? in Technical; Ahhh evil. I forgot to mention that I managed to get the NTLM working on a mock domain I have ...
23rd October 2008, 12:25 PM #16
Ahhh evil. I forgot to mention that I managed to get the NTLM working on a mock domain I have set up at home with no problems. But when I try and set it up on the school domain, with a few tweaks on the .conf files, I get a login box to the squid box I just set up via IE7. Kinda defeats the object of NTLM authentication methinks.
I'm probably clutching at staws but maybe it has something to do with the default domain policy in Active Directory?
My domain kerberos policy:
Account Policies/Kerberos Policy
Enforce user logon restrictions Enabled
Maximum lifetime for service ticket 600 minutes
Maximum lifetime for user ticket 10 hours
Maximum lifetime for user ticket renewal 7 days
Maximum tolerance for computer clock synchronization 5 minutes
NTP is set up correctly so it can't be the clock sync.
I haven't got any Dansguardian or similar stuff installed yet. Just want to make sure that no login boxes come up.
Thanks again guys
IDG Tech News
23rd October 2008, 01:53 PM #17
Ahhh I found this in the cache.log
Login for user [AYLSHAMHIGH]\[chillebrandt]@[ICT-003] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/run/samba/winbindd_privileged are set correctly.]
[2008/10/23 12:36:22, 0] utils/ntlm_auth.c:manage_squid_ntlmssp_request(776)
NTLMSSP BH: NT_STATUS_ACCESS_DENIED
This could be reason why it's being a pain. Would I somehow need to add all the users to the squid group or something?
2nd December 2008, 08:58 AM #18
Do you know of a version of ident for Windows 2003 which works correctly with with terminal server. The version I have been using, since Windows 95, has a nasty habit of thinking everyone is the first user to log in.
Originally Posted by torry_loon
2nd December 2008, 10:10 AM #19
Originally Posted by Cragzman
Check your squid.conf, find the cache effective user. Write the user down.
it should list root root on the pipe.
ls -al /var/run/samba/winbindd_privileged
Would be easier to modify the winbind startup script, and force the change of user, otherwise every reboot, you need to re chown.
chown root:proxy /var/run/samba/winbindd_priveleged/
Last edited by ahuxham; 2nd December 2008 at 10:12 AM.
By Disease in forum Gaming
Last Post: 24th November 2006, 09:33 AM
Last Post: 27th September 2006, 04:02 PM
Last Post: 24th September 2006, 09:47 PM
Last Post: 17th October 2005, 02:02 PM
Last Post: 20th June 2005, 09:55 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)