Re: [squid-users] Users prompted for credential when using NTML auth.

From: <aanderson@dont-contact.us>
Date: Thu, 4 Mar 2004 06:57:51 -0800

As per the advice given below, I have reconfigured squid with the
following, having installed Samba 3.0.2:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

acl admins proxy_auth domain\aanderson
http_access allow !admins

The problem now is that the proxy is still prompting for user credentials,
and even if you supply them you get cache deny messages... I'm sure I'm
doing something wrong, but I can't see what. It's as if squid is reverting
to basic authentication even though it is not configured.

I have configured Samba as follows:

[global]
      workgroup = domain
      server string = Samba Server
      interfaces = ipaddress
      security = DOMAIN
      log file = /var/log/samba/log.%m
      max log size = 50
      preferred master = No
      local master = No
      domain master = No
      dns proxy = No
      wins server = ipaddress
      ldap ssl = no
      idmap uid = 10000-20000
      idmap gid = 10000-20000

With nmbd and winbindd running I can retrieve the list of domain groups
using wbinfo so I know winbindd is working.

I have read all the documentation (i.e. man pages) that comes with Samba
relating to winbindd and there is nothing to suggest I need to do anything
else.

Can you help me or point me to some documentation that will outline exactly
what I have to do to get this to work, assuming it can be done?

Thanks

Ash Anderson
MCP, MCSA, A+.

ID Business Solutions.
Tel: +44 (0)1483 595000

From: Henrik Nordstrom <hno@squid-cache.org>
Date: 04/03/2004 09:27
To: aanderson@id-bs.com
cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Users prompted for credential when using NTML auth.

On Thu, 4 Mar 2004 aanderson@id-bs.com wrote:

> I have configured squid.conf with the following:
>
> auth_param ntlm program /usr/lib/squid/ntlm_auth domain\dc
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes

Please try using Samba-3 and its ntlm_auth helper instead of the very old
(and known to be broken) SMB based ntlm_auth helper shipped with Squid.

Regards
Henrik

Received on Thu Mar 04 2004 - 07:57:53 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:01 MST