Hi, This is an example of the config. The workgroup is different at the client.
[global] winbind separator = + winbind cache time = 10 workgroup = MASTERMIND security = domain winbind uid = 10000-20000 winbind gid = 10000-20000 winbind use default domain = yes realm = client ntlmv2 auth = yes Thanks for the help Cheers Ian -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of samba Sent: 01 November 2005 12:38 PM To: samba@lists.samba.org Subject: [Samba] Re: NTLM Problems Please, post your smb.conf "Ian Barnes" <[EMAIL PROTECTED]> ha scritto nel messaggio news:[EMAIL PROTECTED] > Hi, > > I am running squid and samba to auth users against a 2003 domain. My squid > setup is something like this: > > auth_param ntlm program /usr/local/libexec/squid/ntlm_auth > --helper-protocol=squid-2.5-ntlmssp > auth_param ntlm max_challenge_reuses 0 > auth_param ntlm max_challenge_lifetime 2 minutes > auth_param ntlm children 2 > auth_param basic program /usr/local/libexec/squid/ntlm_auth > --helper-protocol=squid-2.5-basic > auth_param basic children 2 > auth_param basic realm Cache NTLM Authentication > auth_param basic credentialsttl 2 hours > > I then join the domain as follows: > Net join -S server -w Domain -U username%password > > Once that has succeeded I then run winbindd and nmbd. Once that is done, > if > I do a wbinfo -u or -g I can see the users and groups of the users I am > authenticating. All seems fine, but when a user tries to auth, the > following > error occurs: > > [2005/10/31 11:43:36, 0] utils/ntlm_auth.c:winbind_pw_check(427) > Login for user [EMAIL PROTECTED] failed due to [Access denied] > [2005/10/31 11:43:36, 0] > utils/ntlm_auth.c:manage_squid_ntlmssp_request(600) > NTLMSSP BH: NT_STATUS_ACCESS_DENIED > > If I run a wbinfo -a Proxy2%Password_1 (A valid user and password), I get > this: > [EMAIL PROTECTED] ~ # wbinfo -a Proxy2%Password_1 > plaintext password authentication failed > error code was NT_STATUS_ACCESS_DENIED (0xc0000022) > error messsage was: Access denied > Could not authenticate user Proxy2%Password_1 with plaintext password > challenge/response password authentication failed > error code was NT_STATUS_ACCESS_DENIED (0xc0000022) > error messsage was: Access denied > Could not authenticate user Proxy2 with challenge/response > [EMAIL PROTECTED] ~ # > > The user that I am joining the domain with (in net join) has the following > set: > * The account is a local administrator on the device, specified within AD > * The account has full read access to all user information, it was > delegated > to me. > > Something else that's strange is that I saw this error a while ago, and > while trying to debug it, it just stopped occurring, and my users could > auth > fine. The domain im authing to has over 1000 users (in the lab where we > are > testing) and over 2000 groups. > > Could anyone provide some more insight as to why this is happening? > > Cheers > Ian > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba