+++ This bug was initially created as a clone of Bug #11912 +++ Following a recent upgrade, I'm getting NTLM Authentication issues on my Squid proxy server (has been running fine for the last 18 months): Am running: Ubuntu Server 14.04.1 LTS Winbind: 2:4.3.9+dfsg-0ubuntu0.14.04.1 Samba: 2:4.3.9+dfsg-0ubuntu0.14.04.1 Squid3: 3.3.8-1ubuntu6.6 Authenticating against Active Directory - has been working really well for the last 18 months, then stopped working about a week ago. Errors in cache.log: 2016/05/09 06:20:07| Too few ntlmauthenticator processes are running (need 1/10) 2016/05/09 06:20:07| Starting new helpers 2016/05/09 06:20:07| helperOpenServers: Starting 1/10 'ntlm_auth' processes 2016/05/09 06:20:07| ERROR: NTLM Authentication Helper '0x7f313ea68318' crashed!. 2016/05/09 06:20:07| ERROR: NTLM Authentication validating user. Error returned 'BH Internal error' 2016/05/09 06:20:08| WARNING: ntlmauthenticator #1 exited Errors in syslog: May 9 06:20:09 optsquidproxy kernel: [228590.127125] ntlm_auth[8850]: segfault at 8 ip 00007f201ec729b0 sp 00007ffda249aae8 error 4 in libsamba-security.so.0[7f201ec67000+1b000] Squid is using pure NTLM authentication (taken from squid.conf): ### pure ntlm authentication auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=MYDOMAIN auth_param ntlm children 10 auth_param ntlm keep_alive off
From https://bugzilla.samba.org/show_bug.cgi?id=11912#c10 Just tried pulling the update from Marc Deslaurs' PPA (ppa:mdeslaur/testing) but still getting the same problem. After adding the PPA: sudo apt-get update sudo apt-get upgrade samba (which brought in all dependencies) Then rebooted the server for good measure :) The following error messages were from after the reboot, and I'm still getting issues when trying to authenticate via the squid proxy. samba: Installed: 2:4.3.9+dfsg-0ubuntu0.14.04.2~ppa1 Candidate: 2:4.3.9+dfsg-0ubuntu0.14.04.2~ppa1 Version table: *** 2:4.3.9+dfsg-0ubuntu0.14.04.2~ppa1 0 500 http://ppa.launchpad.net/mdeslaur/testing/ubuntu/ trusty/main amd64 Packages 100 /var/lib/dpkg/status 2:4.3.9+dfsg-0ubuntu0.14.04.1 0 500 http://optubunturepository.MYDOMAIN.net/ubuntu/ trusty-updates/main amd64 Packages 500 http://optubunturepository.MYDOMAIN.net/ubuntu/ trusty-security/main amd64 Packages 2:4.1.6+dfsg-1ubuntu2 0 500 http://optubunturepository.MYDOMAIN.net/ubuntu/ trusty/main amd64 Packages syslog: May 10 14:31:11 optsquidproxy kernel: [ 206.928248] ntlm_auth[2264]: segfault at 8 ip 00007f68e2aba9b0 sp 00007fff384ec2c8 error 4 in libsamba-security.so.0[7f68e2aaf000+1b000] cache.log: 2016/05/10 14:32:42| WARNING: ntlmauthenticator #1 exited 2016/05/10 14:32:42| Too few ntlmauthenticator processes are running (need 1/10) 2016/05/10 14:32:42| Starting new helpers 2016/05/10 14:32:42| helperOpenServers: Starting 1/10 'ntlm_auth' processes 2016/05/10 14:32:42| ERROR: NTLM Authentication Helper '0x7f8368efb268' crashed!. 2016/05/10 14:32:42| ERROR: NTLM Authentication validating user. Error returned 'BH Internal error'
Can you prefix the "auth_param ntlm program" parameter with "valgrind --num-callers=30 --track-origins=yes --log-file=/tmp/valgrind.ntlm_auth.%p" And submit the valgrind.ntlm_auth.* files. Please also make sure you install all samba related debug packages. Thanks!
Okay - this is weird. I was getting the authentication issue this morning - saw this post, so installed both the valgrind and samba_dbg packages. Then, updated /etc/samba/smb.conf to prefix the "auth_param ntlm program" parameter with: valgrind --num-callers=30 --track-origins=yes --log-file=/tmp/valgrind.ntlm_auth.%p Restarted the squid3 service - and I'm no longer getting the authentication issue! Could something in the Samba debug package have 'fixed' the problem?
Ah - looks like Squid is no longer happy. I've not used valgrind before, and it seems to be upsetting Squid! You can see from the below that I restart squid around 06:30:43 /var/log/squid3/cache.log: 2016/05/11 06:29:55| Starting new helpers 2016/05/11 06:29:55| helperOpenServers: Starting 1/10 'ntlm_auth' processes 2016/05/11 06:29:55| ERROR: NTLM Authentication Helper '0x7f8368f3cdd8' crashed!. 2016/05/11 06:29:55| ERROR: NTLM Authentication validating user. Error returned 'BH Internal error' 2016/05/11 06:30:38| WARNING: ntlmauthenticator #1 exited 2016/05/11 06:30:38| Too few ntlmauthenticator processes are running (need 1/10) 2016/05/11 06:30:38| Starting new helpers 2016/05/11 06:30:38| helperOpenServers: Starting 1/10 'ntlm_auth' processes 2016/05/11 06:30:38| ERROR: NTLM Authentication Helper '0x7f8368f010a8' crashed!. 2016/05/11 06:30:38| ERROR: NTLM Authentication validating user. Error returned 'BH Internal error' 2016/05/11 06:30:43| Preparing for shutdown after 6682 requests 2016/05/11 06:30:43| Waiting 0 seconds for active connections to finish 2016/05/11 06:30:43| Closing HTTP port [::]:3128 2016/05/11 06:30:43| Closing Pinger socket on FD 11 2016/05/11 06:30:43| Shutdown: NTLM authentication. 2016/05/11 06:30:43| Shutdown: Negotiate authentication. 2016/05/11 06:30:43| Shutdown: Digest authentication. 2016/05/11 06:30:43| Shutdown: Basic authentication. 2016/05/11 06:30:44| Shutting down... 2016/05/11 06:30:44| storeDirWriteCleanLogs: Starting... 2016/05/11 06:30:44| Finished. Wrote 0 entries. 2016/05/11 06:30:44| Took 0.00 seconds ( 0.00 entries/sec). CPU Usage: 18.820 seconds = 6.621 user + 12.199 sys Maximum Resident Size: 88144 KB Page faults with physical i/o: 44 Memory usage for squid via mallinfo(): total space in arena: 5244 KB Ordinary blocks: 5136 KB 72 blks Small blocks: 0 KB 19 blks Holding blocks: 36892 KB 8 blks Free Small blocks: 0 KB Free Ordinary blocks: 107 KB Total in use: 42028 KB 801% Total free: 108 KB 2% 2016/05/11 06:30:44| Logfile: closing log daemon:/var/log/squid3/access.log 2016/05/11 06:30:44| Logfile Daemon: closing log daemon:/var/log/squid3/access.log 2016/05/11 06:30:44| Open FD UNSTARTED 5 DNS Socket IPv6 2016/05/11 06:30:44| Open FD UNSTARTED 6 DNS Socket IPv4 2016/05/11 06:30:44| Open FD UNSTARTED 7 IPC UNIX STREAM Parent 2016/05/11 06:30:44| Open FD UNSTARTED 10 ntlm_auth #1 2016/05/11 06:30:44| Open FD UNSTARTED 12 ntlm_auth #1 2016/05/11 06:30:44| Open FD UNSTARTED 13 ntlm_auth #1 2016/05/11 06:30:44| Open FD UNSTARTED 14 ntlm_auth #1 2016/05/11 06:30:44| Open FD UNSTARTED 15 ntlm_auth #1 2016/05/11 06:30:44| Open FD UNSTARTED 16 ntlm_auth #1 2016/05/11 06:30:44| Open FD UNSTARTED 17 ntlm_auth #1 2016/05/11 06:30:44| Open FD UNSTARTED 18 ntlm_auth #1 2016/05/11 06:30:44| Open FD UNSTARTED 19 ntlm_auth #1 2016/05/11 06:30:44| Open FD UNSTARTED 20 ntlm_auth #1 2016/05/11 06:30:44| Squid Cache (Version 3.3.8): Exiting normally. 2016/05/11 06:30:56| Pinger exiting. syslog: May 11 06:28:01 optsquidproxy puppet-agent[22444]: Finished catalog run in 1.79 seconds May 11 06:28:28 optsquidproxy kernel: [57636.712487] ntlm_auth[21745]: segfault at 8 ip 00007fd95d39d9b0 sp 00007ffecc66b688 error 4 in libsamba-security.so.0[7fd95d392000+1b000] May 11 06:28:29 optsquidproxy kernel: [57637.897348] ntlm_auth[21791]: segfault at 8 ip 00007fccdc5af9b0 sp 00007fffee4a2c18 error 4 in libsamba-security.so.0[7fccdc5a4000+1b000] May 11 06:29:55 optsquidproxy kernel: [57723.983868] ntlm_auth[21793]: segfault at 8 ip 00007f7defb339b0 sp 00007fffd7c08d48 error 4 in libsamba-security.so.0[7f7defb28000+1b000] May 11 06:30:01 optsquidproxy CRON[22777]: (root) CMD (/root/scripts/ClientRebootChecker.sh >/dev/null 2>&1) May 11 06:30:37 optsquidproxy kernel: [57766.362221] ntlm_auth[22427]: segfault at 8 ip 00007f400944d9b0 sp 00007ffe1ce8ad28 error 4 in libsamba-security.so.0[7f4009442000+1b000] May 11 06:30:44 optsquidproxy squid3: ERROR: Invalid ACL: acl auth proxy_auth REQUIRED May 11 06:30:44 optsquidproxy kernel: [57772.817590] init: squid3 main process (22824) terminated with status 1 May 11 06:30:44 optsquidproxy kernel: [57772.817616] init: squid3 main process ended, respawning May 11 06:30:44 optsquidproxy squid3: ERROR: Invalid ACL: acl auth proxy_auth REQUIRED May 11 06:30:44 optsquidproxy kernel: [57772.895664] init: squid3 main process (22836) terminated with status 1 May 11 06:30:44 optsquidproxy kernel: [57772.895689] init: squid3 main process ended, respawning May 11 06:30:44 optsquidproxy squid3: ERROR: Invalid ACL: acl auth proxy_auth REQUIRED May 11 06:30:44 optsquidproxy kernel: [57772.971701] init: squid3 main process (22848) terminated with status 1 May 11 06:30:44 optsquidproxy kernel: [57772.971726] init: squid3 main process ended, respawning May 11 06:30:44 optsquidproxy squid3: ERROR: Invalid ACL: acl auth proxy_auth REQUIRED May 11 06:30:44 optsquidproxy kernel: [57773.047014] init: squid3 main process (22860) terminated with status 1 May 11 06:30:44 optsquidproxy kernel: [57773.047038] init: squid3 main process ended, respawning May 11 06:30:44 optsquidproxy squid3: ERROR: Invalid ACL: acl auth proxy_auth REQUIRED May 11 06:30:44 optsquidproxy kernel: [57773.120507] init: squid3 main process (22872) terminated with status 1 May 11 06:30:44 optsquidproxy kernel: [57773.120536] init: squid3 main process ended, respawning May 11 06:30:44 optsquidproxy squid3: ERROR: Invalid ACL: acl auth proxy_auth REQUIRED May 11 06:30:44 optsquidproxy kernel: [57773.195645] init: squid3 main process (22884) terminated with status 1 May 11 06:30:44 optsquidproxy kernel: [57773.195671] init: squid3 main process ended, respawning May 11 06:30:44 optsquidproxy squid3: ERROR: Invalid ACL: acl auth proxy_auth REQUIRED May 11 06:30:44 optsquidproxy kernel: [57773.273215] init: squid3 main process (22896) terminated with status 1 May 11 06:30:44 optsquidproxy kernel: [57773.273239] init: squid3 main process ended, respawning May 11 06:30:44 optsquidproxy squid3: ERROR: Invalid ACL: acl auth proxy_auth REQUIRED May 11 06:30:44 optsquidproxy kernel: [57773.349107] init: squid3 main process (22908) terminated with status 1 May 11 06:30:44 optsquidproxy kernel: [57773.349132] init: squid3 main process ended, respawning May 11 06:30:44 optsquidproxy squid3: ERROR: Invalid ACL: acl auth proxy_auth REQUIRED May 11 06:30:44 optsquidproxy kernel: [57773.424162] init: squid3 main process (22920) terminated with status 1 May 11 06:30:44 optsquidproxy kernel: [57773.424188] init: squid3 main process ended, respawning May 11 06:30:44 optsquidproxy squid3: ERROR: Invalid ACL: acl auth proxy_auth REQUIRED May 11 06:30:44 optsquidproxy kernel: [57773.501800] init: squid3 main process (22932) terminated with status 1 May 11 06:30:44 optsquidproxy kernel: [57773.501825] init: squid3 main process ended, respawning May 11 06:30:45 optsquidproxy squid3: ERROR: Invalid ACL: acl auth proxy_auth REQUIRED May 11 06:30:45 optsquidproxy kernel: [57773.577021] init: squid3 main process (22944) terminated with status 1 May 11 06:30:45 optsquidproxy kernel: [57773.577044] init: squid3 respawning too fast, stopped Have I made the change correctly to enable valgrind debugging? squid.conf: ### /etc/squid3/squid.conf Configuration File #### cache_mgr support@MYDOMAIN.co.uk ### pure ntlm authentication valgrind --num-callers=30 --track-origins=yes --log-file=/tmp/valgrind.ntlm_auth.%p auth_param ntlm program /usr/bin$ auth_param ntlm children 10 auth_param ntlm keep_alive off ### acl for proxy auth and ldap authorizations acl auth proxy_auth REQUIRED acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http #acl direct dstdomain "/etc/squid3/domains.txt" # exceptions handled via .pac file acl CONNECT method CONNECT ### enforce authentication http_access deny !Safe_ports http_access deny !auth http_access allow auth http_access allow localhost manager #http_access allow direct # exceptions handled via .pac file #http_access allow redbox # exceptions handled via .pac file #http_access allow mitel # exceptions handled via .pac file http_access deny manager http_access deny all When I remove the valgrind prefix from the "auth_param ntlm program" directive, squid starts without any problems - and I have the segfault again in syslog: May 11 06:45:20 optsquidproxy kernel: [58649.143109] ntlm_auth[23333]: segfault at 8 ip 00007fd13252e9b0 sp 00007ffc1949e018 error 4 in libsamba-security.so.0[7fd132523000+1b000] And the same errors in cache.log: 2016/05/11 06:48:00| WARNING: ntlmauthenticator #1 exited 2016/05/11 06:48:00| Too few ntlmauthenticator processes are running (need 1/10) 2016/05/11 06:48:00| Starting new helpers 2016/05/11 06:48:00| helperOpenServers: Starting 1/10 'ntlm_auth' processes 2016/05/11 06:48:00| ERROR: NTLM Authentication Helper '0x7fba97ca1578' crashed!. 2016/05/11 06:48:00| ERROR: NTLM Authentication validating user. Error returned 'BH Internal error'
Paul, you have an error in your squid.conf file. The section should look like this: ### pure ntlm authentication auth_param ntlm program valgrind --num-callers=30 --track-origins=yes --log-file=/tmp/valgrind.ntlm_auth.%p /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 10 auth_param ntlm keep_alive off The first part should be all on the same line, ie: three lines that start with "auth_param".
Okay - I've tried that but Squid still fails to start. My smb.conf now has: ### pure ntlm authentication auth_param ntlm program valgrind --num-callers=30 --track-origins=yes --log-file=/tmp/valgrind.ntlm_auth.%p /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=MYDOMAIN #auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=MYDOMAIN auth_param ntlm children 10 auth_param ntlm keep_alive off Are the otherstrinati@optsquidproxy:/etc/squid3$ sudo tail /var/log/squid3/cache.log 2016/05/11 07:26:40| Logfile Daemon: closing log daemon:/var/log/squid3/access.log 2016/05/11 07:26:40| Open FD UNSTARTED 6 DNS Socket IPv6 2016/05/11 07:26:40| Open FD UNSTARTED 7 DNS Socket IPv4 2016/05/11 07:26:40| Open FD UNSTARTED 8 IPC UNIX STREAM Parent 2016/05/11 07:26:40| Open FD UNSTARTED 11 ntlm_auth #1 2016/05/11 07:26:40| Open FD UNSTARTED 13 ntlm_auth #1 2016/05/11 07:26:40| Open FD UNSTARTED 15 ntlm_auth #1 2016/05/11 07:26:40| Open FD UNSTARTED 16 ntlm_auth #1 2016/05/11 07:26:40| Squid Cache (Version 3.3.8): Exiting normally. 2016/05/11 07:26:44| Pinger exiting. pstrinati@optsquidproxy:/etc/squid3$ sudo tail /var/log/syslog May 11 11:59:03 optsquidproxy kernel: [77471.694682] init: squid3 main process ended, respawning May 11 11:59:03 optsquidproxy squid3: auth_param ntlm program valgrind: (2) No such file or directory May 11 11:59:03 optsquidproxy kernel: [77471.751033] init: squid3 main process (29704) terminated with status 1 May 11 11:59:03 optsquidproxy kernel: [77471.751057] init: squid3 main process ended, respawning May 11 11:59:03 optsquidproxy squid3: auth_param ntlm program valgrind: (2) No such file or directory May 11 11:59:03 optsquidproxy kernel: [77471.807452] init: squid3 main process (29716) terminated with status 1 May 11 11:59:03 optsquidproxy kernel: [77471.807476] init: squid3 main process ended, respawning May 11 11:59:03 optsquidproxy squid3: auth_param ntlm program valgrind: (2) No such file or directory May 11 11:59:03 optsquidproxy kernel: [77471.863984] init: squid3 main process (29728) terminated with status 1 May 11 11:59:03 optsquidproxy kernel: [77471.864054] init: squid3 respawning too fast, stopped pstrinati@optsquidproxy:/etc/squid3$
Created attachment 12097 [details] valgrind ntlm_auth
Created attachment 12098 [details] valgrind ntlm_auth
Paul, you need to install valgrind, with the following command: sudo apt-get install valgrind
Hi Marc - it is installed: pstrinati@optsquidproxy:/etc/squid3$ sudo apt-cache policy valgrind [sudo] password for pstrinati: valgrind: Installed: 1:3.10.1-1ubuntu3~14.04 Candidate: 1:3.10.1-1ubuntu3~14.04 Version table: *** 1:3.10.1-1ubuntu3~14.04 0 500 http://optubunturepository.optimumcredit.net/ubuntu/ trusty-updates/main amd64 Packages 100 /var/lib/dpkg/status 1:3.10~20140411-0ubuntu1 0 500 http://optubunturepository.optimumcredit.net/ubuntu/ trusty/main amd64 Packages pstrinati@optsquidproxy:/etc/squid3$ But for some reason Squid doesn't start when I update the smb.conf to use valgrind on the auth_param ntlm program parameter.
Try specifying the full path to the valgrind binary: auth_param ntlm program /usr/bin/valgrind --num-callers=30 --track-origins=yes --log-file=/tmp/valgrind.ntlm_auth.%p /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
(In reply to Marc Deslauriers from comment #11) That works: ==30931== Memcheck, a memory error detector ==30931== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==30931== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info ==30931== Command: /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp ==30931== Parent PID: 30914 ==30931== ==30931== Invalid read of size 8 ==30931== at 0xA81F9B0: security_token_is_sid (in /usr/lib/x86_64-linux-gnu/samba/libsamba-security.so.0) ==30931== by 0xA821908: security_session_user_level (in /usr/lib/x86_64-linux-gnu/samba/libsamba-security.so.0) ==30931== by 0x54936AA: gensec_ntlmssp_server_auth (in /usr/lib/x86_64-linux-gnu/libgensec.so.0.0.1) ==30931== by 0x548EE92: gensec_ntlmssp_update (in /usr/lib/x86_64-linux-gnu/libgensec.so.0.0.1) ==30931== by 0x5499A91: gensec_update_ev (in /usr/lib/x86_64-linux-gnu/libgensec.so.0.0.1) ==30931== by 0x5499AD6: gensec_update (in /usr/lib/x86_64-linux-gnu/libgensec.so.0.0.1) ==30931== by 0x10FBAD: manage_gensec_request.isra.5 (in /usr/bin/ntlm_auth) ==30931== by 0x10D3CE: manage_squid_request (in /usr/bin/ntlm_auth) ==30931== by 0x10CDAA: main (in /usr/bin/ntlm_auth) ==30931== Address 0x8 is not stack'd, malloc'd or (recently) free'd ==30931== ==30931== ==30931== Process terminating with default action of signal 11 (SIGSEGV) ==30931== Access not within mapped region at address 0x8 ==30931== at 0xA81F9B0: security_token_is_sid (in /usr/lib/x86_64-linux-gnu/samba/libsamba-security.so.0) ==30931== by 0xA821908: security_session_user_level (in /usr/lib/x86_64-linux-gnu/samba/libsamba-security.so.0) ==30931== by 0x54936AA: gensec_ntlmssp_server_auth (in /usr/lib/x86_64-linux-gnu/libgensec.so.0.0.1) ==30931== by 0x548EE92: gensec_ntlmssp_update (in /usr/lib/x86_64-linux-gnu/libgensec.so.0.0.1) ==30931== by 0x5499A91: gensec_update_ev (in /usr/lib/x86_64-linux-gnu/libgensec.so.0.0.1) ==30931== by 0x5499AD6: gensec_update (in /usr/lib/x86_64-linux-gnu/libgensec.so.0.0.1) ==30931== by 0x10FBAD: manage_gensec_request.isra.5 (in /usr/bin/ntlm_auth) ==30931== by 0x10D3CE: manage_squid_request (in /usr/bin/ntlm_auth) ==30931== by 0x10CDAA: main (in /usr/bin/ntlm_auth) ==30931== If you believe this happened as a result of a stack ==30931== overflow in your program's main thread (unlikely but ==30931== possible), you can try to increase the size of the ==30931== main thread stack using the --main-stacksize= flag. ==30931== The main thread stack size used in this run was 8388608. ==30931== ==30931== HEAP SUMMARY: ==30931== in use at exit: 70,980 bytes in 183 blocks ==30931== total heap usage: 530 allocs, 347 frees, 186,474 bytes allocated ==30931== ==30931== LEAK SUMMARY: ==30931== definitely lost: 1,077 bytes in 5 blocks ==30931== indirectly lost: 264 bytes in 7 blocks ==30931== possibly lost: 67,928 bytes in 164 blocks ==30931== still reachable: 1,711 bytes in 7 blocks ==30931== suppressed: 0 bytes in 0 blocks ==30931== Rerun with --leak-check=full to see details of leaked memory ==30931== ==30931== For counts of detected and suppressed errors, rerun with: -v ==30931== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
(In reply to Paul Strinati from comment #12) Thanks! I think I mostly understand what's happening. Do you have the "map to guest" option set in your smb.conf? I guess yes, if so can you do a short test to see if removing this option avoids this segfault?
Created attachment 12100 [details] Possible patch for master This patch works for me, but we need a regression test...
(In reply to Stefan Metzmacher from comment #13) Yes - I am using map to guest = bad user in my smb.conf Once I comment this out squid restarts without issues, and no segfaults :) I'm still using the patched version of Samba provided by Marc D via his testing PPA
(In reply to Paul Strinati from comment #15) using "map to guest" together with squid authentication, just means the authentication is competely pointless, as a client can just use a random username/password and be authenticated as guest, unless you limit the access to a group by passing --require-membership-of to ntlm_auth
(In reply to Stefan Metzmacher from comment #16) Thanks Stefan - will read up on it, I thought that's what the directives below did, but will check!! acl auth proxy_auth REQUIRED and http_access deny !auth
(In reply to Paul Strinati from comment #17) Sorry - scratch that, was confusing conf files for Samba & Squid! I'll remove from my smb.conf going forward - however, added it back in to test the updated patch from Marc, restarted all services (samba, winbind, squid3) and it seems to have resolved the issue for me. Thanks all!
The patch in comment 14 seems to have worked to resolve the issue. Can we expect it to be committed soon? Thanks!
Created attachment 12114 [details] Patch for v4-4-test
Created attachment 12115 [details] Patch for v4-3-test
Created attachment 12116 [details] Patch for v4-2-test
Karolin, please push the patches to the relevant branches, thanks!
(In reply to Andreas Schneider from comment #23) Pushed to v4-[4|3|2]-test.
(In reply to Karolin Seeger from comment #24) Pushed to all branches. Closing out bug report. Thanks!