Re: [squid-users] --> problem with wb_ntlmauth !

Thomas,

     With winbind you do not have a file with the users. wb_group is an
external acl that gets the users on a group you define on your AD.
      The basics to configure it is:

        1) install and configure samba (note: it must be configure with
security=domain, encrypt passwords=yes). The comands here are all for
samba 2.2.8 ! samba 3.0 changes a lot of things...
        2) type : man winbindd it gives you a complete way to install
your winbind daemon. It is not necessary to configure PAM, but do not
forget to copy the lib_nsswinbind.so (and the link) to /lib directory
        3) test winbind:
               -- first add your machine to the domain: smbpasswd -j
DOMAIN -U user -r AD_MACHINE (the user must have access to create
machine accounts).
               -- second, set a user for winbind: wbinfo --set-auth-user
DOMAIN\user%password
               -- third, type: wbinfo -u (gives you all users from your
AD), and wbinfo -g (gives you all groups from your AD), wbinfo -a
DOMAIN\user%password (to test if it is able to authenticate a user).
         4) with these working, time to compile squid. I used the
folowing configuration options here:
./configure --with-async-io --enable-storeio=null,aufs,diskd
--enable-removal-policies=heap,lru --enable-useragent-log
--enable-referer-header --enable-icmp --enable-snmp
--enable-cachemgr-hostname --enable-ssl
--enable-default-err-language=Portuguese --enable-auth=basic,ntlm
--enable-ntlm-auth-helpers=winbind --enable-basic-auth-helpers=winbind
          5) install squid, go to /usr/local/squid/libexec
          6) type : ./wb_auth -d it will say somethings and give you
no prompt. Just type: DOMAIN\user password (with ONE Space!). If you
typed a valid username/password, the last thing it prints is OK
otherwise is ERR. This means your wb_auth/winbind is working perfectly.
          7) For the wb_group, if you type wb_group -d , and then type
DOMAIN\\user a_domain_group it will give you OK if that user is on that
group.

        If wb_group works, give you an OK for a valid username/group
combination, it means that everything is OK with your system.
        Then you must configure squid.conf to accept your wb_group.
There is a nice readme on squid's src wb_group (on
helpers/external_acl/winbind_group). Take a read on it, and contact me
if you get some trouble...

Alex.

Thomas.Bauer@hansgrohe.com wrote:

>Hi Alex!
>I read all your postings. It seams that we both have the same problem.
>At my squid all is working except the wb_group. It always returns me an error.
>how did you configure squid (which version?) an how did you configure your samba?
>perhaps I can try it here to get it to work. I think my problem is to configure and to compile squid the right way. always when
>I use the rpms I can get a connection to the internet, but unfortunatly with the prompt. But if I use the source code, I can't
>get a connection. Don't know what I did wrong.
>In what file are user valid internet users stored? is it on the windows machine?
>what does it look like?
>Thanks and greetz,
>Tommy
>
>
>
>
>
> Alex Carlos Braga
> Antão To: squid-users@squid-cache.org
> <alex@fnde.gov.br cc:
> > Subject: Re: [squid-users] --> problem with wb_ntlmauth !
>
>
>
>
>
>
>Adam,
> When I open the browser (IE) it asks me for username, password and
>Domain.
> I cannot find where the problem is, because winbind is working,
>wb_auth is working, wb_group is working... wb_ntlmauth should be working
>too...
>it could be a way to make wb_ntlmauth log more on squid logs....
>
>Alex
>
>Adam Aube wrote:
>
>
>
>
>
Received on Wed Nov 05 2003 - 10:31:45 MST