Is /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp supposed to be working at this stage of samba 3? With RH EL3 beta (taroon) which comes with samba-3.0.0-3rc1.3E packages (and squid-2.5.STABLE3-2.3E packages), the /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic helper works great but /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp always fails (NTLMSSP NT_STATUS_ACCESS_DENIED). This is with an NT domain controller. We're running samba 2.2.8a everywhere else, this is first jump to 3.0.
Only winbindd is running, not samba. Here is the smb.conf: [global] workgroup = TCS_MAIN_DOM netbios name = LINBETA server string = Samba Server on LINBETA interfaces = eth0 127.0.0.1/24 bind interfaces only = yes security = DOMAIN encrypt passwords = Yes password server = tcs_main_pdc username map = /etc/samba/smbusers log level = 1 log file = /var/log/samba/%m.log mangling method = hash2 preferred master = No domain master = No dns proxy = No wins server = tcs_main_pdc kernel oplocks = No winbind uid = 10000-20000 winbind gid = 10000-20000 winbind use default domain = yes winbind enum users = yes winbind enum groups = yes blocking locks = No locking = No oplocks = No level2 oplocks = No guest account = nobody load printers = no Here is a squid/ntlm_auth log of the transaction. Should I file a bug report or is there some setting that needs to be made on the PDC? 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '(nil)'. 2003/09/03 08:15:40| authenticateValidateUser: Auth_user_request was NULL! 2003/09/03 08:15:40| authenticateFixHeader: headertype:34 authuser:(nil) 2003/09/03 08:15:40| authenticateNTLMFixErrorHeader: Sending type:34 header: 'NTLM' 2003/09/03 08:15:40| authenticateFixErrorHeader: Sending type:34 header: 'Basic realm="Proxy"' 2003/09/03 08:15:40| authenticateAuthUserRequestLock auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateAuthUserRequestLock auth_user request '0x559ba5a8' now at '1'. 2003/09/03 08:15:40| authenticateDecodeAuth: header = 'NTLM TlRMTVNTUAABAAAAB7IAoAwADAAoAAAACAAIACAAAABCQzAwNjc4NFRDU19NQUlOX0RPTX== ' 2003/09/03 08:15:40| authenticateAuthUserLock auth_user '0x559ba5c0'. 2003/09/03 08:15:40| authenticateAuthUserLock auth_user '0x559ba5c0' now at '1'. 2003/09/03 08:15:40| authenticateDecodeNTLMAuth: NTLM authentication 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validated Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validated Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| User not fully authenticated. 2003/09/03 08:15:40| authenticateNTLMAuthenticateUser: auth state ntlm none. NTLM TlRMTVNTUAABAAAAB7IAoAwADAAoAAAACAAIACAAAABCQzAwNjc4NFRDU19NQUlOX0RPTX== 2003/09/03 08:15:40| authenticateNTLMAuthenticateUser: Locking auth_user from the connection. 2003/09/03 08:15:40| authenticateAuthUserRequestLock auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateAuthUserRequestLock auth_user request '0x559ba5a8' now at '2'. 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validated Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| User not fully authenticated. 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validated Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateStart: auth_user_request '0x559ba5a8' 2003/09/03 08:15:40| authenticateNTLMStart: auth state '1' 2003/09/03 08:15:40| authenticateNTLMStart: state '1' 2003/09/03 08:15:40| authenticateNTLMStart: 'TlRMTVNTUAABAAAAB7IAoAwADAAoAAAACAAIACAAAABCQzAwNjc4NFRDU19NQUlOX0RPTX= =' 2003/09/03 08:15:40| authenticateNTLMHelperServerAvailable: not starving - returning 1 2003/09/03 08:15:40| authenticateNTLMChangeChallenge_p: first use 2003/09/03 08:15:40| authenticateNTLMStart: helper '0x557d9470' assigned 2003/09/03 08:15:40| authenticateNTLMValidChallenge: Challenge is Invalid [2003/09/03 08:15:40, 10] utils/ntlm_auth.c:manage_squid_request(1061) Got 'YR' from squid (length: 2). [2003/09/03 08:15:40, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(312) got NTLMSSP packet: [2003/09/03 08:15:40, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(322) NTLMSSP challenge 2003/09/03 08:15:40| authenticateNTLMHandleReply: Helper: '0x557d9470' {TT TlRMTVNTUAACAAAAAAAAADAAAAACAgAgJt9X786e84sAAAAAAAAAAAAAAAAwAAAA} 2003/09/03 08:15:40| authenticateNTLMHandleReply: helper '0x557d9470' 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validated Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validated Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| User not fully authenticated. 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validated Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| User not fully authenticated. 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validated Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| User not fully authenticated. 2003/09/03 08:15:40| authenticateAuthUserRequestLock auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateAuthUserRequestLock auth_user request '0x559ba5a8' now at '3'. 2003/09/03 08:15:40| authenticateAuthUserRequestUnlock auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateAuthUserRequestUnlock auth_user_request '0x559ba5a8' now at '2'. 2003/09/03 08:15:40| authenticateAuthUserRequestLock auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateAuthUserRequestLock auth_user request '0x559ba5a8' now at '3'. 2003/09/03 08:15:40| authenticateFixHeader: headertype:34 authuser:0x559ba5a8 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validated Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| User not fully authenticated. 2003/09/03 08:15:40| authenticateNTLMFixErrorHeader: Sending type:34 header: 'NTLM TlRMTVNTUAACAAAAAAAAADAAAAACAgAgJt9X786e84sAAAAAAAAAAAAAAAAwAAAA' 2003/09/03 08:15:40| authenticateFixHeader: headertype:34 authuser:0x559ba5a8 2003/09/03 08:15:40| authenticateAuthUserRequestUnlock auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateAuthUserRequestUnlock auth_user_request '0x559ba5a8' now at '2'. 2003/09/03 08:15:40| NTLM HandleReply, telling stateful helper : 3 2003/09/03 08:15:40| authenticateNTLMHelperServerAvailable: not starving - returning 1 2003/09/03 08:15:40| authenticateAuthUserRequestUnlock auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateAuthUserRequestUnlock auth_user_request '0x559ba5a8' now at '1'. 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validated Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| User not fully authenticated. 2003/09/03 08:15:40| authenticateAuthUserRequestLock auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateAuthUserRequestLock auth_user request '0x559ba5a8' now at '2'. 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validated Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| User not fully authenticated. 2003/09/03 08:15:40| authenticateNTLMAuthenticateUser: auth state challenge with header NTLM TlRMTVNTUAADAAAAGAAYAFsAAAAYABgAcwAAAAwADABAAAAABwAHAEwAAAAIAAgAUwAAAAAA AACLAAAABgIAIFRDU19NQUlOX0RPTUpBUkJPRURCQzAwNjc4NON8EoE7fMsT6jvmLE4o/21h ZkcIaibynLCXFLHy8rti9ODY4m9avPWULzf7R5yBzw==. 2003/09/03 08:15:40| aclMatchProxyAuth: cache lookup with key 'NTLM TlRMTVNTUAADAAAAGAAYAFsAAAAYABgAcwAAAAwADABAAAAABwAHAEwAAAAIAAgAUwAAAAAA AACLAAAABgIAIFRDU19NQUlOX0RPTUpBUkJPRURCQzAwNjc4NON8EoE7fMsT6jvmLE4o/21h ZkcIaibynLCXFLHy8rti9ODY4m9avPWULzf7R5yBzw==TlRMTVNTUAACAAAAAAAAADAAAAAC AgAgJt9X786e84sAAAAAAAAAAAAAAAAwAAAA' 2003/09/03 08:15:40| authenticateNTLMAuthenticateUser: proxy-auth cache miss. 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validated Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| User not fully authenticated. 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validated Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateStart: auth_user_request '0x559ba5a8' 2003/09/03 08:15:40| authenticateNTLMStart: auth state '3' 2003/09/03 08:15:40| authenticateNTLMStart: Asking NTLMauthenticator '0x557d9470'. 2003/09/03 08:15:40| authenticateNTLMStart: state '3' 2003/09/03 08:15:40| authenticateNTLMStart: 'TlRMTVNTUAADAAAAGAAYAFsAAAAYABgAcwAAAAwADABAAAAABwAHAEwAAAAIAAgAUwAAAAA AAACLAAAABgIAIFRDU19NQUlOX0RPTUpBUkJPRURCQzAwNjc4NON8EoE7fMsT6jvmLE4o/21 hZkcIaibynLCXFLHy8rti9ODY4m9avPWULzf7R5yBzw==' 2003/09/03 08:15:40| authenticateNTLMstart: finished [2003/09/03 08:15:40, 10] utils/ntlm_auth.c:manage_squid_request(1061) Got 'KK TlRMTVNTUAADAAAAGAAYAFsAAAAYABgAcwAAAAwADABAAAAABwAHAEwAAAAIAAgAUwAAAAAA AACLAAAABgIAIFRDU19NQUlOX0RPTUpBUkJPRURCQzAwNjc4NON8EoE7fMsT6jvmLE4o/21h ZkcIaibynLCXFLHy8rti9ODY4m9avPWULzf7R5yBzw==' from squid (length: 191). [2003/09/03 08:15:40, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(312) got NTLMSSP packet: [2003/09/03 08:15:40, 10] lib/util.c:dump_data(1887) [000] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........ [010] 5B 00 00 00 18 00 18 00 73 00 00 00 0C 00 0C 00 [....... s....... [020] 40 00 00 00 07 00 07 00 4C 00 00 00 08 00 08 00 @....... L....... [030] 53 00 00 00 00 00 00 00 8B 00 00 00 06 02 00 20 S....... ....... [040] 54 43 53 5F 4D 41 49 4E 5F 44 4F 4D 4A 41 52 42 TCS_MAIN _DOMJARB [050] 4F 45 44 42 43 30 30 36 37 38 34 E3 7C 12 81 3B OEDBC006 784.|..; [060] 7C CB 13 EA 3B E6 2C 4E 28 FF 6D 61 66 47 08 6A |...;.,N (.mafG.j [070] 26 F2 9C B0 97 14 B1 F2 F2 BB 62 F4 E0 D8 E2 6F &....... ..b....o [080] 5A BC F5 94 2F 37 FB 47 9C 81 CF 00 Z.../7.G .... [2003/09/03 08:15:40, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(292) Got user=[JARBOED] domain=[TCS_MAIN_DOM] workstation=[BC006784] len1=24 len2=24 [2003/09/03 08:15:40, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(325) NTLMSSP NT_STATUS_ACCESS_DENIED 2003/09/03 08:15:40| authenticateNTLMHandleReply: Helper: '0x557d9470' {NA NT_STATUS_ACCESS_DENIED} 2003/09/03 08:15:40| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'NA NT_STATUS_ACCESS_DENIED' 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validated Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validated Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| User not fully authenticated. 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validated Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| User not fully authenticated. 2003/09/03 08:15:40| authenticateNTLMAuthenticateUser: auth state ntlm failed. NTLM TlRMTVNTUAADAAAAGAAYAFsAAAAYABgAcwAAAAwADABAAAAABwAHAEwAAAAIAAgAUwAAAAAA AACLAAAABgIAIFRDU19NQUlOX0RPTUpBUkJPRURCQzAwNjc4NON8EoE7fMsT6jvmLE4o/21h ZkcIaibynLCXFLHy8rti9ODY4m9avPWULzf7R5yBzw== 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validated Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| User not fully authenticated. 2003/09/03 08:15:40| authenticateAuthUserRequestUnlock auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateAuthUserRequestUnlock auth_user_request '0x559ba5a8' now at '1'. 2003/09/03 08:15:40| authenticateAuthUserRequestLock auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateAuthUserRequestLock auth_user request '0x559ba5a8' now at '2'. 2003/09/03 08:15:40| authenticateFixHeader: headertype:34 authuser:0x559ba5a8 2003/09/03 08:15:40| authenticateValidateUser: Validating Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateValidateUser: Validated Auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| User not fully authenticated. 2003/09/03 08:15:40| authenticateNTLMFixErrorHeader: Sending type:34 header: 'NTLM' 2003/09/03 08:15:40| authenticateAuthUserRequestUnlock auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateAuthUserRequestUnlock auth_user_request '0x559ba5a8' now at '1'. 2003/09/03 08:15:40| NTLM HandleReply, telling stateful helper : 2 2003/09/03 08:15:40| authenticateNTLMHelperServerAvailable: not starving - returning 1 2003/09/03 08:15:40| authenticateAuthUserRequestUnlock auth_user request '0x559ba5a8'. 2003/09/03 08:15:40| authenticateAuthUserRequestUnlock auth_user_request '0x559ba5a8' now at '0'. 2003/09/03 08:15:40| authenticateAuthUserRequestFree: freeing request 0x559ba5a8 2003/09/03 08:15:40| authenticateAuthUserUnlock auth_user '0x559ba5c0'. 2003/09/03 08:15:40| authenticateAuthUserUnlock auth_user '0x559ba5c0' now at '0'. 2003/09/03 08:15:40| authenticateFreeProxyAuthUser: Freeing auth_user '0x559ba5c0' with refcount '0'. 2003/09/03 08:15:40| authenticateNTLMFreeUser: Clearing NTLM scheme data ----------------------------------------------------------------------- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba