daniel.jarboe@custserv.com
2003-Aug-06 11:58 UTC
[Samba] Samba 3 beta 3 helpers and squid?
I'm trying the new RHEL 3 beta, which comes with samba 3 beta 3, and squid 2.5.STABLE3. Both samba and squid seem appropriately compiled... and I'm using the same config files as samba 2.2.8a and squid 2.5.stable3 (which worked), but windows authentication with the helpers is failing. I asked the squid list first, and got "Samba 3 supports Basic and NTLM authentication for Squid and many other programs. See the Samba release notes (I think). With Samba 3 you DO NOT use the helpers shipped with Squid. Samba 3 includes it's own authentication helper." Yet I find no references to samba's own authentication helper in the README or HOWTO-Collection. What authentication helpers should I be using? This is what I'm seeing. wbinfo -a DOMAIN\\user%password returns plaintext password authentication succeeded challenge/response password authentication succeeded Yet the squid helpers give errors: ./wb_group -d /wb_group[8231](wb_check_group.c:322): External ACL winbindd group helper build Jul 16 2003, 14:34:52 starting up... DOMAIN\user Group /wb_group[8231](wb_check_group.c:343): Got 'DOMAIN\user Group' from Squid (length: 33). /wb_group[8231](wb_check_group.c:231): Warning: Can't enum user groups. ERR and # ./wb_auth -d /wb_auth[8232](wb_basic_auth.c:168): basic winbindd auth helper build Jul 16 2003, 14:34:36 starting up... DOMAIN\User password /wb_auth[8232](wb_basic_auth.c:129): Got 'DOMAIN\User from squid (length: 29). /wb_auth[8232](wb_basic_auth.c:55): winbindd result: -1 /wb_auth[8232](wb_basic_auth.c:60): sending 'ERR' to squid ERR Does samba 3 use different helpers, or should I be opening up a bug report for redhat? Thanks, ~ Daniel ----------------------------------------------------------------------- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 6 Aug 2003 daniel.jarboe@custserv.com wrote:> I'm trying the new RHEL 3 beta, which comes with samba 3 beta 3, and > squid 2.5.STABLE3. Both samba and squid seem appropriately compiled... > and I'm using the same config files as samba 2.2.8a and squid > 2.5.stable3 (which worked), but windows authentication with the helpers > is failing. > > I asked the squid list first, and got > "Samba 3 supports Basic and NTLM authentication for Squid and many > other programs. See the Samba release notes (I think). > > With Samba 3 you DO NOT use the helpers shipped with Squid. Samba 3 > includes it's own authentication helper." > > Yet I find no references to samba's own authentication helper in the > README or HOWTO-Collection. What authentication helpers should I be > using?It's the ntlm_auth tool I think. Andrew Bartlet would know. cheers, jerry ---------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc "You can never go home again, Oatman, but I guess you can shop there." --John Cusack - "Grosse Point Blank" (1997) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE/MR1BIR7qMdg1EfYRAlz/AKCwJgIEcnb4Xvzco5B27dLZXd2zWgCg2wqP QU68sAR2SYUVEyLhU3t1gdE=uOsl -----END PGP SIGNATURE-----
daniel.jarboe@custserv.com
2003-Aug-07 11:28 UTC
[Samba] Samba 3 beta 3 helpers and squid?
On August 06, 2003 5:52 PM Andrew Bartlett wrote:> Yep - and I really should doco it better... > > ntlm_auth --helper-protocol=xyz > > where for squid xyz is one of: > > squid-2.4-basic > squid-2.5-basic > squid-2.5-ntlmssp > > The last one is the NTLM helper, naturally.So would these be the proper auth_param program lines to use samba 3's new ntlm_auth tool (2.5.STABLE3)? auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic Reason I ask is I get prompted for three box basic (User Name,Password,Domain) Adding --domain==MY_DOMAIN only fills in that box when IE falls to basic, and authentication always fails. Thanks for any help, ~ Daniel ----------------------------------------------------------------------- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you.
daniel.jarboe@custserv.com
2003-Aug-08 15:23 UTC
[Samba] Samba 3 beta 3 helpers and squid?
ntlm_auth basic works, but ntlm doesn't appear to. Any chance of implementing -l like in the man page? The messages below are from squid's cache log. [2003/08/08 11:00:19, 10] utils/ntlm_auth.c:manage_squid_request(374) Got 'YR' from squid (length: 2). [2003/08/08 11:00:19, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(296) got NTLMSSP packet: [2003/08/08 11:00:19, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(306) NTLMSSP challenge [2003/08/08 11:00:19, 10] utils/ntlm_auth.c:manage_squid_request(374) Got 'KK TlRMTVNTUAADAAAAGAAYAFsAAAAYABgAcwAAAAwADABAAAAABwAHAEwAAAAIAAgAUwAAAAAA AACLAAAABgIAIFRDU19NQUlOX0RPTUpBUkJPRURCQzAwNjc4NNn7Yl6XTBHkXHQAwwOrD5hN 2tl9N3RVsZo2QnBIoeLXMFPKDfb5lzrR+rE/oeQRaA==' from squid (length: 191). [2003/08/08 11:00:19, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(296) got NTLMSSP packet: (Then there's a 10] lib/util.c:dump_data(1887), 140 bytes, would that be useful?) [2003/08/08 11:00:19, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(283) Got user=[JARBOED] domain=[TCS_MAIN_DOM] workstation=[BC006784] len1=24 len2=24 [2003/08/08 11:00:19, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(309) NTLMSSP NT_STATUS_ACCESS_DENIED When I browser uses a different proxy (samba 2.2.8a and wb_ntlmauth), NTLM works. Do you see anything suspicious? ~ Daniel ----------------------------------------------------------------------- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you.