RE: [squid-users] Incompatibilities between Samba and Squid

Hi,

You should use the ntlm helper shipped with samba. wb_ntlmauth are the old helpers
of squid 2.4x versions. For squid 2.5, it's highly recommended to use samba
helpers : replace wb_ntlmauth by ntlm_auth (usually in /usr/bin) in squid .conf
Regards,

        P-E

-----Message d'origine-----
De : news [mailto:news@sea.gmane.org]De la part de Norman Zhang
Envoyé : jeudi 10 juin 2004 02:21
À : squid-users@squid-cache.org
Objet : [squid-users] Incompatibilities between Samba and Squid

Hi,

I'm running Squid-2.5.STABLE4-1.100mdk with samba-server-3.0.2a-3mdk.
When I tried to go the internet, I see the following in

/var/log/syslog
Jun 9 17:06:07 proxy (squid): authenticateNTLMHandleReply: called with
no result string
Jun 9 17:06:07 proxy squid[1571]: Squid Parent: child process 2617
exited due to signal 6

/var/log/squid/access.log
1086825967.398 31 192.168.22.7 TCP_DENIED/407 1706 GET
http://www.mozilla.org/ - NONE/- text/html

Searching through the archives seems to indicate a bug with Samba's NTLM
helper? May I ask is there a fix for this?

Regards,
Norman

cache_mgr web.master@arkonnetworks.com
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB
cache_dir ufs /var/spool/squid 200 16 256
cache_peer 127.0.0.1 parent 80 7 default no-query
acl binaries urlpath_regex -i \.exe$ \.zip$ \.vbs$ \.gz$
cache_peer_access 127.0.0.1 allow binaries
never_direct allow binaries

ftp_user squid@test.com
auth_param ntlm program /usr/lib/squid/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

external_acl_type NT_global_group %LOGIN /usr/lib/squid/wb_group

acl ProxyUsers external NT_global_group ProxyUsers
acl authusrs proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl webmin port 10000 20000 # webmin, usermin
acl CONNECT method CONNECT
acl localnet dst 192.168.11.0/26 192.168.22.0/25
acl arkonweb dst 207.34.136.4 207.34.136.5 207.34.136.7
acl pdfgrab browser WebCapture
acl realplay browser RealMedia
acl ssread browser SSDOWNLOAD
acl ssread browser SSREADER

http_access allow manager localhost
http_access deny manager
http_access allow CONNECT webmin
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow arkonweb
http_access allow pdfgrab
http_access allow realplay
http_access allow ssread
http_access allow authusrs ProxyUsers
http_access allow localhost
http_access deny all

icp_access allow all
Received on Thu Jun 10 2004 - 03:14:15 MDT