Error validating user via ntlm
Error returned 'BH NT_STATUS_ACCESS_DENIED'[2010/12/08 , 0] utils/ntlm_auth.c:558(winbind_pw_check) Login for user \[biliy.sergey]@[BILIY25] failed due to [Access denied][2010/12/08 , 0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED2010/12/08 | authenticate NTLMHandle Reply: Error validating user via NTLM.Error returned 'BH NT_STATUS_ACCESS_DENIED'[2010/12/08 , 0] utils/ntlm_auth.c:558(winbind_pw_check) Login for user [AC-CONSTRUCTION]\[biliy.sergey]@[BILIY25] failed due to [Access denied][2010/12/08 , 0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED2010/12/08 | authenticate NTLMHandle Reply: Error validating user via NTLM.Error returned 'BH NT_STATUS_ACCESS_DENIED'[global] workgroup = AC-CONSTRUCTION server string = out server security = ADS hosts allow = 192.168.1. log file = /var/log/samba34/log.%m max log size = 50 password server = primarydc.ac-construction.local realm = AC-CONSTRUCTION. log file = /var/log/samba34/log.%m max log size = 50 password server = 192.168.0.3 realm = AC-CONSTRUCTION.
LOCAL Issued Expires Principal Dec 10 Dec 10 krbtgt/AC-CONSTRUCTION. LOCAL dns proxy = no display charset = koi8-r unix charset = koi8-r dos charset = cp866 winbind separator = winbind use default domain = yes winbind uid = 10000-15000 winbind gid = 10000-15000 winbind enum users = yes winbind enum groups = yes #============================ Share Definitions ==============================[homes] comment = Home Directories browseable = no writable = yes# Un-comment the following and create the netlogon directory for Domain Logons; [netlogon]; comment = Network Logon Service; path = /usr/local/samba/lib/netlogon; guest ok = yes; writable = no; share modes = no# Un-comment the following to provide a specific roving profile share# the default is to use the user's home directory;[Profiles]; path = /usr/local/samba34/profiles; browseable = no; guest ok = yes# NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer[printers] comment = All Printers path = %%SAMBA_SPOOL%% browseable = no# Set public = yes to allow user 'guest account' to print guest ok = no writable = no printable = yes# This one is useful for people to share files;[tmp]; comment = Temporary file space; path = /tmp; read only = no; public = yes# A publicly accessible directory, but read only, except for people in# the "staff" group[public] path = /home/samba guest ok = Yes guest only = Yes writable = yes# Other examples. Spool data will be placed in fred's# home directory.Important notice: One should use "Windows 2008 with AES" if available.This is not just important for security reasons, but you might also experience problems when using the DNS name of the squid server instead of the IP address.hello I've followed the documentation of active directory integrated with squid proxy throuh as I want to restrict the internet Access via acl on proxy and active directory groups.I have configured with my network configuration samba (smb.conf) , winbind, and kerberos (krb5.conf) as my uname -a = Linux vscj016mlinux.4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux my squid is squid 3.5.12 my active directory is Windows 2003 server when I try to access intenet via firefox I receive the message in /var/log/squid/cache.log: 2017/05/03 | negotiate_wrapper: Got 'YR Tl RMTVNTUAABAAAAl4II4g AAAAAAAAAAAAAAAAAAAAAGAb Ed AAAADw==' from squid (length: 59).