I'm running Squid 2.7-stable4, Samba 3 and the Windows 7 RC with IE8.
I have NTLM authentication setup on my squid proxy server and it works fine for every combination of browser and Windows (including IE8 on XP and Firefox on Win7), but it doesn't work (keeps asking for authentication) for IE8 on Windows 7.
I can get it to work using the LmCompatibilityLevel registry hack, but I'd really prefer to get it working on the server.
Does anyone have any experience with this? Or know where to start looking? The samba logs don't reveal much.
EDIT: Here's what the wb-MYDOMAIN log says when I attempt to authenticate:
[2009/08/20 15:13:36, 4] nsswitch/winbindd_dual.c:fork_domain_child(1080)
child daemon request 13
[2009/08/20 15:13:36, 10] nsswitch/winbindd_dual.c:child_process_request(478)
process_request: request fn AUTH_CRAP
[2009/08/20 15:13:36, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1755)
[ 4127]: pam auth crap domain: MYDOMAIN user: MYUSER
[2009/08/20 15:13:36, 0] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1767)
winbindd_pam_auth_crap: invalid password length 24/282
[2009/08/20 15:13:36, 2] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
NTLM CRAP authentication for user [MYDOMAIN]\[MYUSER] returned NT_STATUS_INVALID_PARAMETER (PAM: 4)
[2009/08/20 15:13:36, 10] nsswitch/winbindd_cache.c:cache_store_response(2267)
Storing response for pid 4547, len 3240
Run local GP on W7 (don't remember but in the 2000 and 2003 it is gpedit.msc). Look for local machine policy-> computer config->windows setting->local policies->security option->Network security: LAN Manager authentication level
Set LM & NTLM - Use NTLMv2 session if negotited
The right solution is to use ntlm_auth program from a more recent samba distribution: samba 3.4 and samba 3.5 seems to authenticate Win7 with NTLMv2 without problems. Samba 3.0 was unable to do it.
You can't really do this in NTLM. You have to use kerberos, as described at Getting Squid to authenticate with kerberos and Windows 2008/2003/7/XP.