[SQU] Squid-ntlm compiling problems

From: Thomas Goebel <thomas@dont-contact.us>
Date: Thu, 05 Oct 2000 12:59:38 +0200

Hallo list and Robert,

now i have time to install squid-ntlm.

Here is what i done:

step 1
fwi:/DOWN/squid-ntlm # autoconf
configure.in:905: warning: AC_TRY_RUN called without default to allow
cross compiling
configure.in:999: warning: AC_TRY_RUN called without default to allow
cross compiling
configure.in:1000: warning: AC_TRY_RUN called without default to allow
cross compiling
configure.in:1001: warning: AC_TRY_RUN called without default to allow
cross compiling
configure.in:1275: warning: AC_TRY_RUN called without default to allow
cross compiling
fwi:/DOWN/squid-ntlm #

step2
fwi:/DOWN/squid-ntlm # autoheader
configure.in:905: warning: AC_TRY_RUN called without default to allow
cross compiling
configure.in:1275: warning: AC_TRY_RUN called without default to allow
cross compiling
fwi:/DOWN/squid-ntlm #

step3
fwi:/DOWN/squid-ntlm # ./configure --enable-ntlm-authentication
--enable-ntlm-auth-modules=NTLMSSP --enable-snmp
--enable-basic-authentication

works without errors!!!

step4
fwi:/DOWN/squid-ntlm # make
....
helper.c: In function `StatefulEnqueue':
helper.c:688: warning: suggest parentheses around assignment used as
truth value
helper.c:689: warning: implicit declaration of function
`helperStatefulSpawnServers'
....

gcc -o squid -g access_log.o acl.o asn.o authenticate.o cache_cf.o
CacheDigest.o cache_manager.o carp.o
cbdata.o client_db.o client_side.o comm.o comm_select.o debug.o disk.o
dns_internal.o errorpage.o ETag.o event.o fd.o filemap.o forward.o
fqdncache.o ftp.o globals.o gopher.o helper.o http.o HttpStatusLine.o
HttpHdrCc.o HttpHdrRange.o HttpHdrContRange.o HttpHeader.o
HttpHeaderTools.o HttpBody.o HttpMsg.o HttpReply.o HttpRequest.o icmp.o
icp_v2.o icp_v3.o ident.o internal.o ipc.o ipcache.o logfile.o main.o
mem.o MemPool.o MemBuf.o mime.o multicast.o neighbors.o net_db.o
Packer.o pconn.o peer_digest.o peer_select.o redirect.o referer.o
refresh.o repl_modules.o send-announce.o snmp_core.o snmp_agent.o ssl.o
stat.o StatHist.o String.o stmem.o store.o store_io.o store_client.o
store_digest.o store_dir.o store_key_md5.o store_log.o store_modules.o
store_rebuild.o store_swapin.o store_swapmeta.o store_swapout.o
string_arrays.o
tools.o unlinkd.o url.o urn.o useragent.o wais.o wccp.o whois.o
fs/ufs.a repl/lru.a -L../lib -lcrypt -L../snmplib -lsnmp -lmiscutil
-lm -lresolv -lnsl
helper.o: In function `StatefulEnqueue':
/DOWN/squid-ntlm/src/helper.c:689: undefined reference to
`helperStatefulSpawnServers'
collect2: ld returned 1 exit status
make[2]: *** [squid] Error 1
make[2]: Leaving directory `/DOWN/squid-ntlm/src'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/DOWN/squid-ntlm/src'
make: *** [all] Error 1
fwi:/DOWN/squid-ntlm #

OK. what can i do???

cu

Thomas

Robert Collins wrote:
>
> Thomas,
> please keep replies cc:d to the list. Thanks.
>
> are you looking in "ntlm_auth_modules" or "auth_modules" see 1. key changes
> to squid below.
>
> Rob
>
> ----- Original Message -----
> From: <thomas@tomys.de>
> To: "Robert Collins" <robert.collins@itdomain.com.au>
> Sent: Wednesday, September 20, 2000 6:04 AM
> Subject: Re: [SQU] automatic smb_auth
>
> > Hallo,
> >
> > sorry,, but i can not find the ntlm-auth source-code. I downloaded the
> CVS-tree and some sourcepackages. Thare are only
> > auth_modules/multi-domain-NTLM/smb_auth.pl
> >
> > please tell were i can find the ntlm-source.
> >
> > cu
> > Thomas
> >
> > > Well its not well documented yet... but here's a quick list of things to
> do &
> > > notes about ntlm auth.
> > > Hey kinkie have I missed anything drastic? I might turn this list into
> the
> > > start of our HOW-TO ...
> > >
> > >
> > > 0. background
> > > -within HTTP there are three common authentication types: BASIC,
> > > DIGEST, NTLM. Of these only BASIC and DIGEST are official
> > > http authenticaton protocols. Basic authentication is clear text.
> digest
> > > uses a challenge-response format, as does NTLM.
> > > -Challenge-response helpers in squid cannot be tested from the
> command-line
> > > for two reasons. One: the helper needs the base64 data
> > > from the client to correctly interpret and verify the authentication
> request.
> > > Two: the authentication requests are stateful, so you need to
> > > generate the correct response to the 1st result the helper gives you.
> > > - NTLM and proxies. NTLM was not designed with stateless (ie HTTP)
> > > environments in mind. MS have got it to work, via a massive hack on the
> > > protocol. It DOES NOT WORK THROUGH PROXIES. Only the first hop can be
> NTLM
> > > authenticatied. This includes MS's IIS based proxy products. NTLM will
> also
> > > not work with transparent proxies (same reason as BASIC authentication
> > > doesn't_)so please, don't ask.
> > > 1. key changes to squid
> > > - the auth_modules directory is largely irrelevant for ntlm based
> > > environments. The helpers in auth_modules are BASIC helpers only. This
> > > includes the smb_auth,MSNT and multi-domain-NTLM.
> > > - there is a new directory ntlm_auth_helpers that contains the NTLM
> helper
> > > source programs.
> > > - the default ./configure will not enable any authentication code in
> squid
> > > (great for ISP's). New configuration directives allow
> > > basic auth, the basic auth modules to build, ntlm-auth, and the ntlm
> auth
> > > modules to build to be handled separately. Compiling in both
> > > basic and ntlm auth will allow you to 'fall back' to basic
> authentication if a
> > > browser does not support NTLM.
> > > 2. howto get NTLM authentication working
> > > - download the source
> > > - configure with (at a minimum) --enable-ntlm-authentication and
> > > --enable-ntlm-auth-modules=NTLMSSP
> > > - check the ntlmssp source code for any hardcoded parameters (it's only
> just
> > > stablised, there may be some 'magic' in the source at the moment). Also
> the
> > > command-line format is documented in the source.
> > > - you can use fakeauth or no_check if you just want to validate the
> username,
> > > but not check the password/login time limits.
> > > -compile and install squid
> > > - edit the squid.conf to specify the ntlm_authentication_helper
> command-line
> > > and at least one proxy_auth acl entry.
> > > -cross fingers (:-]) and use internet explorer FROM A DOMAIN USER
> ACCOUNT to
> > > surf the web.
> > >
> > > Rob
> > >
> > >
> > > Thomas Goebel wrote:
> > >
> > > > Hallo,
> > > >
> > > > sorry, i installed NTLM. But it does not work.
> > > > I tried at comandline to authenticate with smp_auth.pl and this also
> not
> > > > worked.
> > > >
> > > > Please help. Where can i get Information of NTLM.
> > > >
> > > > cu
> > > >
> > > > Thomas
> > > >
> > > > Robert Collins wrote:
> > > > >
> > > > > This is exactly what the recently developed NTLM authentication for
> squid
> > > > > does.
> > > > >
> > > > > It uses MS challenge handshaking authentication protocol (CHAP) for
> the
> > > > > browser. You need internet explorer 3 or newer to use it.
> > > > >
> > > > > Rob
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Thomas Goebel" <thomas@an-netz.de>
> > > > > To: <squid-users@ircache.net>; <linuxml@hekkihek.hacom.nl>
> > > > > Sent: Tuesday, September 19, 2000 11:36 PM
> > > > > Subject: [SQU] automatic smb_auth
> > > > >
> > > > > > Hallo,
> > > > > >
> > > > > > is it possible to perform the authentication against the
> > > > > > proxy automatically, invisible to the Windows user.
> > > > > > The Microsoft IIS authenticates the user, logged in at the
> workstation,
> > > > > > automatically.
> > > > > >
> > > > > > cu
> > > > > >
> > > > > > Thomas
> > > > > >
> > > > > > --
> > > > > > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
> > > > > >
> > > > > >
> > >
> >
> >
> > --
> >
> > ################################################
> > # Thomas Goebel <Systemadministrator> #
> > # #
> > # E-Mail: thomas@an-netz.baynet.de #
> > # #
> > # Stellvertr. Vorsitzender im #
> > # Traegerverein-Buergernetz-Ansbach-Netz e.V. #
> > ################################################
> > # Server-URL: www.an-netz.baynet.de #
> > # #
> > # SysAdmin: #
> > # Felix Risling <felix@an-netz.baynet.de> #
> > # Thomas Goebel <thomas@an-netz.baynet.de> #
> > ################################################
> >
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Thu Oct 05 2000 - 05:08:01 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:41 MST