[squid-users] Squid authentication with Samba 3

From: Silvio Luis <s.listas@dont-contact.us>
Date: Wed, 04 Feb 2004 08:43:13 -0200

Hello List,

I have squid authentication problem.

I have this configuration:

Versions: Samba-3 RPM FEDORA
                  squid-2.5.STABLE4
what i did:

          edit smb.conf (with winbind options)
          joined domain

        net join -U admin

         wbinfo -t
        checking the trust secret via RPC calls succeeded
          

                 I can authenticate a USER to the Domains
                 a wbinfo -u shows me users and wbinfo -g shows my domain
groups.

Install Squid

  ./configure --enable-auth=ntlm,basic --enable-delay-pools --enable-snmp \
                --enable-useragent-log --prefix=/usr/local/squid --enable-ssl
\ --enable-external-acl-helpers=wbinfo_group

          edit squid.conf with:
                          auth_param ntlm program /usr/lib/squid/wb_ntlmauth
                          auth_param ntlm children 5
                          auth_param ntlm max_challenge_reuses 0
                          auth_param ntlm max_challenge_lifetime 2 minutes
                          auth_param basic program /usr/lib/squid/wb_auth
                          auth_param basic children 5
                          auth_param basic realm ChoicePoint Proxy server
                          auth_param basic credentialsttl 2 hours

Add the following ACL:
acl AuthorizedUsers proxy_auth REQUIRED

Modify your http_access lines to include "AuthorizedUsers"
http_access allow AuthorizedUsers
http_access deny all

I receive username and password menu.
But I can go trough and there isn't any valid uname or password.

The squid debug gives me:

2004/02/03 20:45:31| The request GET http://www.mail.com/ is DENIED,
because it matched 'AuthorizedUsers'
2004/02/03 20:45:31| The request GET http://www.mail.com/ is DENIED,
because it matched 'AuthorizedUsers'
2004/02/03 20:45:31| clientReadRequest: FD 22: no data to process ((11)
Resource temporarily unavailable)
2004/02/03 20:45:31| The request GET http://www.mail.com/ is DENIED,
because it matched 'AuthorizedUsers'
2004/02/03 20:45:46| The request GET http://www.mail.com/ is DENIED,
because it matched 'AuthorizedUsers'
2004/02/03 20:45:46| clientReadRequest: FD 22: no data to process ((11)
Resource temporarily unavailable)
2004/02/03 20:45:46| The request GET http://www.mail.com/ is DENIED,
because it matched 'AuthorizedUsers'

Thank you for help
Received on Wed Feb 04 2004 - 03:59:55 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:01 MST