SQUID ERROR: NTLM Authentication validating user. NT_STATUS_UNSUCCESSFUL

Ошибка при аутентификации ntlm_auth
Аутентификация ntlm не работает(NTLM Authentication validating user. Result: {result=BH, notes={message: NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFUL; }} ) если не добавить нужные права:

chgrp winbindd_priv /var/lib/samba/winbindd_privileged
gpasswd -a proxy winbindd_priv

Обязательно остановите и перезапустите squid.

Наблюдалось как в Debian 8 так и в 10.

Выдержка из man ntlm_auth:
The winbindd(8) daemon must be operational for many of these commands to function.

Some of these commands also require access to the directory winbindd_privileged in $LOCKDIR. This should be done either by running this command as root or providing group access to the winbindd_privileged directory. For security reasons, this directory should not be world-accessable.

Server-side helper for use with Squid 2.5’s NTLMSSP authentication.

Requires access to the directory winbindd_privileged in $LOCKDIR. The protocol used is described here: http://devel.squid-cache.org/ntlm/squid_helper_protocol.html. This protocol has been extended to allow the NTLMSSP Negotiate packet to be included as an argument to the YR command. (Thus avoiding loss of information in the protocol exchange).

Добавить комментарий

Ваш адрес email не будет опубликован.