[squid-users] Seamless authentication for squid linux in a NT Domain using samba and winbind! from Thomas.Bauer@dont-contact.us on 2003-10-22 (squid-users)

From: <Thomas.Bauer@dont-contact.us>
Date: Wed, 22 Oct 2003 08:00:08 -0400

Hi everybody!

I wanna run a squid proxy server on Red Hat 9.0 in an Win NT 4 environment. At the moment squid is running on NT but it sucks
and crashes all the time.
I set squid up on linux and tried the msnt authenticate. It works but I don't want a prompt if you start the internet explorer.
So I tried to set up squid with winbind.

I tried all the configurations and the hints in all threads I found.

http://www.squid-cache.org/Doc/FAQ/FAQ-23.html

wbinfo -t responds SUCCESS
wbinfo -g shows me all the NT groups
wbinfo -u shows me all the NT users
wbinfo -a mydomain\myuser%mypasswd SUCCESS

but the following command responds always the same error:

/usr/local/squid/libexec/wb_auth -d
/wb_auth[14615](wb_basic_auth.c:168): basich winbindd auth helper build Oct 21 2003, 09:47:15 starting up...
mydomainmyuser mypasswd
/wb_auth[14615](wb_basic_auth.c:129): Got 'mydomainmyuser mypasswd' from squid (length: 21).
/wb_auth[14615](wb_basic_auth.c:55): winbindd result -1
/wb_auth[14615](wb_basic_auth.c:60): sending 'ERR' to squid
ERR

I don't know where my problem is hidden. I use Samba 3.0.0 and Squid-2.5-STABLE3.

my squid.conf:

auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/local/squid/libexec/wb_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

I also use free and denied domains which I can access. But if I want to open google.com or any other page, the prompt shows
up.
And if I type in my username and password, I can't logon to the Internet.
Some users in our company don't have access to the internet. How can I handle it, that the users with internet access can use
the internet without typing in their username and password again?

I hope you can help me out. I am working on this for a few weeks now. But I can't get the problem solved.
Thanks a lot for helping me!!
Received on Wed Oct 22 2003 - 06:02:35 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:35 MST