Ошибка при аутентификации ntlm_auth
Аутентификация ntlm не работает(NTLM Authentication validating user. Result: {result=BH, notes={message: NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFUL; }} ) если не добавить нужные права:
chgrp winbindd_priv /var/lib/samba/winbindd_privileged
gpasswd -a proxy winbindd_priv
Обязательно остановите и перезапустите squid.
Наблюдалось как в Debian 8 так и в 10.
Выдержка из man ntlm_auth:
OPERATIONAL REQUIREMENTS
The winbindd(8) daemon must be operational for many of these commands to function.
Some of these commands also require access to the directory winbindd_privileged in $LOCKDIR. This should be done either by running this command as root or providing group access to the winbindd_privileged directory. For security reasons, this directory should not be world-accessable.
squid-2.5-ntlmssp
Server-side helper for use with Squid 2.5’s NTLMSSP authentication.
Requires access to the directory winbindd_privileged in $LOCKDIR. The protocol used is described here: http://devel.squid-cache.org/ntlm/squid_helper_protocol.html. This protocol has been extended to allow the NTLMSSP Negotiate packet to be included as an argument to the YR command. (Thus avoiding loss of information in the protocol exchange).