[squid-users] Re: MS-AD, NTLM_auth and Samba 3.0

From: Adam Aube <aaube01@dont-contact.us>
Date: Wed, 12 May 2004 22:58:09 -0400

Wouter Bakker wrote:

> I got this far:
>
> auth_param ntlm program /usr/lib/squid/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp --domain=OURDOMAIN
> auth_param basic program /usr/lib/squid/ntlm_auth
> --helper-protocol=squid-2.5-basic --domain=OURDOMAIN
> auth_param ntlm program /usr/lib/squid/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> --require-membership-of='OURDOMAIN\somegroup'
> auth_param basic program /usr/lib/squid/ntlm_auth
> --helper-protocol=squid-2.5-basic
> --require-membership-of='OURDOMAIN\somegroup'

Are all of these lines uncommented in your squid.conf? You only need one
"program" line per auth type. Also, if you want to enforce group
membership, the best way to do that is with an external_acl group helper.

> acl fromlocal src 192.168.0.0/255.255.255.0 192.168.10.0/255.255.255.0
> 192.168.11.0/255.255.255.0
> acl toplanet dstdomain www.planet.nl
> acl admin proxy_auth required
> acl towww dst 0.0.0.0/0.0.0.0
> acl user proxy_auth me
> acl all src 0.0.0.0/0.0.0.0
> http_access allow admin toplanet fromlocal
> http_access allow user towww fromlocal
> http_access deny all

These acls look fine.

> As you can see I use the site www.planet.nl as a test-domain.
> When I hash out the ntlm lines, the authentication window nicely pops up
> in IE, stating the realm above. However, the above setup doesn't function as
> expected. No html requests are accepted at all, but no 40x page is
> displayed either. What am I doing wrong here? Can anyone help me out?

Have you read the Winbind FAQ?

http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5

Did the wbinfo tests succeed as indicated in the FAQ? What about the basic
auth helper test?

Adam
Received on Wed May 12 2004 - 20:57:13 MDT
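
The check Adam describes (one "program" line per auth type, group membership enforced outside the auth helper) can be run mechanically over a squid.conf. The following is an added example, not part of the original thread or of Squid; the function name `audit_auth_params` is hypothetical, and the sample text is constructed from the quoted lines with the e-mail wrapping undone.

```python
import re
from collections import defaultdict

# Constructed sample: the auth_param lines from the quoted post, one directive
# per line as in squid.conf. The last two lines are constructed additions that
# show a commented-out helper and a non-"program" auth_param being ignored.
SAMPLE_CONF = r"""
auth_param ntlm program /usr/lib/squid/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=OURDOMAIN
auth_param basic program /usr/lib/squid/ntlm_auth --helper-protocol=squid-2.5-basic --domain=OURDOMAIN
auth_param ntlm program /usr/lib/squid/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of='OURDOMAIN\somegroup'
auth_param basic program /usr/lib/squid/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of='OURDOMAIN\somegroup'
# auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic realm Example proxy
"""

PROGRAM_RE = re.compile(r"^\s*auth_param\s+(\S+)\s+program\s+(.+?)\s*$")

def audit_auth_params(conf_text):
    """Return (duplicates, group_in_helper) for active auth_param program lines.

    duplicates: {scheme: [line numbers]} for schemes with more than one line.
    group_in_helper: line numbers whose helper is given --require-membership-of.
    """
    seen = defaultdict(list)
    group_in_helper = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directives are inactive
        m = PROGRAM_RE.match(line)
        if not m:
            continue  # not an "auth_param <scheme> program ..." line
        scheme, command = m.group(1).lower(), m.group(2)
        seen[scheme].append(lineno)
        if "--require-membership-of" in command:
            group_in_helper.append(lineno)
    duplicates = {s: nums for s, nums in seen.items() if len(nums) > 1}
    return duplicates, group_in_helper

if __name__ == "__main__":
    dups, grp = audit_auth_params(SAMPLE_CONF)
    for scheme, nums in sorted(dups.items()):
        print(f"{scheme}: {len(nums)} active 'program' lines at {nums}; keep one")
    for n in grp:
        print(f"line {n}: group check inside the auth helper; "
              "consider an external_acl group helper instead")
```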
