[squid-users] winbind authentication, mystical ?

From: Federico Lombardo <egopfe@dont-contact.us>
Date: Thu, 4 Jul 2002 13:05:23 +0200

I'm wondering if winbind authentication is as mystical as it is documented
everywhere :-)
Ok, I'm not trying to be polemical, but I wanna find out which configurations I must
give my squid and my samba daemons to make this authentication work.
Can someone tell me ??!?!?!?!?!

I say this because I'm in a black-out, I'm tryin' harder to manage this
situation... but I've only strace and lsof that can help me...

Ok, Scenario:

Using squid 2.5PRE8 latest snapshot on a slackware linux 8.1

From my smb.conf:

[global]
password server = MASTER BDC
; password server = *
wins server = 192.168.5.1 192.168.0.1
dns proxy = no
update encrypted = Yes
security = domain
; security = share
encrypt passwords = Yes
workgroup = DOMAIN
local master = yes
socket options = TCP_NODELAY
log file = /dev/tty10
netbios name = norad
load printers = no
max log size = 50
preferred master = no
;*********** winbindd **********
; winbind separator = \
template homedir = /home/%D/%U
template shell = /bin/bash
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes

Started smb, nmbd and winbindd and all work correctly, I can view my domain
users and groups, ping my winbind process, /tmp/.winbindd/pipe exists and
works

From my squid.conf:

auth_param ntlm program /home/squid/squid25/libexec/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
...
acl federico proxy_auth REQUIRED
http_access allow federico
http_access deny all

Now, I don't think it is an ACL problem... I think that it is a helper problem...
I start squid, point my IE to a site and see my access.log

1025108432.785 1 192.168.5.12 TCP_DENIED/407 1313 GET http://freshmeat.net/ - NONE/- text/html
1025108432.794 4 192.168.5.12 TCP_DENIED/407 1395 GET http://freshmeat.net/ - NONE/- text/html
1025108435.864 0 192.168.5.12 TCP_DENIED/407 1313 GET http://freshmeat.net/ - NONE/- text/html
1025108435.868 1 192.168.5.12 TCP_DENIED/407 1395 GET http://freshmeat.net/ - NONE/- text/html

This shows that NONE user is authenticated.... strange... very strange
NTLM_AUTH helper works correctly, so NT Auth in IE works.

for me the problem is that winbind can't find user or can't authenticate
user from squid!!!! <- how to debug this ?

Other problem... In a previous mail Henrik told me to make wb_auth work
before making wb_ntlmauth work... but I can't realize how to make it work...
I start wb_auth by command line in libexec/ directory, then? What must I
write? What are the possible arguments and options? If I write my username
and password?
Received on Thu Jul 04 2002 - 05:08:34 MDT
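
Added example (not part of the original post and not Squid's own code): in Squid's native access.log layout the user name is the field just before the hierarchy/peer field (NONE/-), so the quoted lines carry "-" as the user. The Python sketch below reads such lines and lists clients that keep receiving 407 without a user name ever being logged; the second client, its URL, the peer address and DOMAIN\alice are constructed values.

```python
from collections import defaultdict

# Constructed sample in Squid's native access.log layout. The first four lines
# repeat the ones quoted in the post; the last three are invented for contrast
# (client address, URL, peer address and DOMAIN\alice are made-up values).
SAMPLE_LOG = """\
1025108432.785 1 192.168.5.12 TCP_DENIED/407 1313 GET http://freshmeat.net/ - NONE/- text/html
1025108432.794 4 192.168.5.12 TCP_DENIED/407 1395 GET http://freshmeat.net/ - NONE/- text/html
1025108435.864 0 192.168.5.12 TCP_DENIED/407 1313 GET http://freshmeat.net/ - NONE/- text/html
1025108435.868 1 192.168.5.12 TCP_DENIED/407 1395 GET http://freshmeat.net/ - NONE/- text/html
1025108440.101 0 192.168.5.40 TCP_DENIED/407 1313 GET http://example.org/ - NONE/- text/html
1025108440.109 1 192.168.5.40 TCP_DENIED/407 1395 GET http://example.org/ - NONE/- text/html
1025108440.350 212 192.168.5.40 TCP_MISS/200 5120 GET http://example.org/ DOMAIN\\alice DIRECT/192.0.2.10 text/html
"""

def parse_line(line):
    """Return client, HTTP status and user of one native-format line, or None."""
    parts = line.split()
    if len(parts) < 10:
        return None
    status = parts[3].partition("/")[2]
    if not status.isdigit():
        return None
    # Field 8 is the authenticated user ("-" if none); field 9 is hierarchy/peer.
    return {"client": parts[2], "status": int(status), "user": parts[7]}

def auth_summary(log_text):
    """Per client: number of 407 challenges and the user names Squid logged."""
    stats = defaultdict(lambda: {"challenges": 0, "users": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["status"] == 407:
            stats[rec["client"]]["challenges"] += 1
        elif rec["user"] != "-":
            stats[rec["client"]]["users"].add(rec["user"])
    return dict(stats)

def stuck_clients(log_text, min_challenges=3):
    """Clients challenged at least min_challenges times with no user ever logged."""
    # A successful NTLM handshake normally shows two 407 lines before the first
    # authenticated request, so the default threshold of 3 skips that case.
    return sorted(client for client, s in auth_summary(log_text).items()
                  if s["challenges"] >= min_challenges and not s["users"])

if __name__ == "__main__":
    print(stuck_clients(SAMPLE_LOG))
```

A client listed by stuck_clients() never got past the proxy's challenge, which points at the helper or the winbindd side rather than at the http_access rules.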
