RE: [squid-users] authentication issues using winbind and ntlm

From: Anthony Boynes <atb@dont-contact.us>
Date: Tue, 2 Dec 2003 10:25:55 -0700

I see the same thing in my logs after getting ntlm to work about a month
ago. I think it is more of an issue with how squid processes its acls. I wish
squid would handle its acls in the same manner as Cisco routers, which is
that a packet is accepted or denied based on the first matching rule that it
encounters.

-----Original Message-----
From: Jim Crippen [mailto:jcrippen@eliteint.com]
Sent: Tuesday, December 02, 2003 10:18 AM
To: 'squid-users@squid-cache.org'
Subject: [squid-users] authentication issues using winbind and ntlm

Hi all,

I don't know if this has already been answered but I was unable to find
anything about it. I've set up squid-2.5.STABLE4 with Samba 3.0.0 using
winbind for authentication. Everything works fine, except, every page
accessed first enters 2 TCP_DENIED entries in the access log. I wanted to
know if there is a way around this as when I add back in the following acl
"acl test url_regex "/etc/blacklist" " and deny access to it, I cannot get
the username recorded in the access log. Below is an entry from the
access.log from opening yahoo.com.

1070384877.123 9 192.168.12.50 TCP_DENIED/407 1741 GET http://www.yahoo.com/ - NONE/- text/html
1070384877.152 9 192.168.12.50 TCP_DENIED/407 1741 GET http://www.yahoo.com/ - NONE/- text/html
1070384877.456 303 192.168.12.50 TCP_MISS/200 13360 GET http://www.yahoo.com/ ELITEHOU\JIMC DIRECT/66.218.71.93 text/html
1070384878.276 7 192.168.12.50 TCP_DENIED/407 2094 GET http://srd.yahoo.com/M=264255.3922691.5448124.3540639/D=yahoo_top/S=2716149:JAM/A=1886591/N=1226/id=load_cap_lan/fv=6/0.35301091527173617/*1 - NONE/- text/html
1070384878.288 8 192.168.12.50 TCP_DENIED/407 2098 GET http://srd.yahoo.com/M=264255.3922691.5448124.3540639/D=yahoo_top/S=2716149:JAM/A=1886591/N=1226/id=load_cap_lan/fv=6/0.35301091527173617/*1 - NONE/- text/html
1070384878.312 187 192.168.12.50 TCP_MISS/304 391 GET http://switch.atdmt.com/action/PTCYahooFront ELITEHOU\JIMC DIRECT/216.39.69.71 -
1070384878.446 154 192.168.12.50 TCP_MISS/200 261 GET http://srd.yahoo.com/M=264255.3922691.5448124.3540639/D=yahoo_top/S=2716149:JAM/A=1886591/N=1226/id=load_cap_lan/fv=6/0.35301091527173617/*1 ELITEHOU\JIMC DIRECT/66.218.71.101 image/gif
1070384879.032 587 192.168.12.50 TCP_MISS/200 515 GET http://kd.barcfg.myway.com/speedbar/mySpeedbarCfg2.jsp? ELITEHOU\JIMC DIRECT/63.236.66.5 text/html

Here is the relevant section of the squid.conf file:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --enable-helper-fail-open -d 10 -l
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 1
auth_param ntlm max_challenge_lifetime 20 minutes

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

I appreciate any help anyone can give me.

Thanks.

Jim Crippen
Sr LAN Administrator
Elite Transportation
jcrippen@eliteint.com
Received on Tue Dec 02 2003 - 10:36:29 MST
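Added illustration, not part of either message in this thread: a small Python parser for the Squid 2.5 native access.log layout shown above. It folds the two TCP_DENIED/407 replies of an NTLM handshake (negotiate, then challenge) into a per-request count and reports requests that ended in TCP_DENIED with no username logged, which is the case Jim describes. The sample lines are constructed from the ones quoted above plus one invented blacklist denial for http://blocked.example/ (a placeholder host).

```python
import re
from collections import defaultdict

# Squid native access.log, one request per line:
#   time elapsed client code/status bytes method URL user hierarchy/peer type
LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<ms>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>\S+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)

# Constructed sample: three lines modelled on the thread, plus one invented
# blacklist denial (TCP_DENIED/403 with no user) for a placeholder host.
SAMPLE_LOG = r"""
1070384877.123 9 192.168.12.50 TCP_DENIED/407 1741 GET http://www.yahoo.com/ - NONE/- text/html
1070384877.152 9 192.168.12.50 TCP_DENIED/407 1741 GET http://www.yahoo.com/ - NONE/- text/html
1070384877.456 303 192.168.12.50 TCP_MISS/200 13360 GET http://www.yahoo.com/ ELITEHOU\JIMC DIRECT/66.218.71.93 text/html
1070384880.001 2 192.168.12.50 TCP_DENIED/403 1100 GET http://blocked.example/ - NONE/- text/html
""".strip().splitlines()

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def summarize(lines):
    """Group entries per (client, url). 407s are NTLM handshake steps and are
    only counted; the first non-407 entry is the outcome of the request."""
    groups = defaultdict(lambda: {"handshake_407": 0, "final": None, "user": "-"})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        g = groups[(rec["client"], rec["url"])]
        if rec["status"] == 407:
            g["handshake_407"] += 1
        else:
            g["final"] = "%s/%d" % (rec["code"], rec["status"])
            g["user"] = rec["user"]
    return dict(groups)

def denied_without_user(summary):
    """URLs whose request was denied (not a 407 challenge) with no username logged."""
    return sorted(url for (_, url), g in summary.items()
                  if g["final"] and g["final"].startswith("TCP_DENIED") and g["user"] == "-")
```

Running `denied_without_user(summarize(SAMPLE_LOG))` on the sample returns only the blacklist hit; the yahoo.com request shows two handshake 407s and the authenticated TCP_MISS/200.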

This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:04 MST