Just a update. I finally got it to work. My problem
was in the acl's. I am now trying to get squid to
work with dansguardian with ntlm auth. Thanks for all
the help. If anybody has any pointers on getting
dansguardian to work with ntlm let me know.
Thanks alot!!!
--- Tim Neto <tneto@komatsu.ca> wrote:
>
> Could this be a iptables (lokkit) issue? The access
> denied could be a clue.
>
> Try stripping all control ACLs from your squid.conf
> file. Run Squid as
> just an open proxy relay for a moment to test. See
> if Squid is the
> "access" denied or is there another service in the
> OS causing the access
> denied.
>
> Tim
>
>
-----------------------------------------------------------
> Timothy E. Neto
> Computer Systems Engineer Komatsu Canada
> Limited
> Ph#: 905-625-6292 x265 1725B Sismet Road
> Fax: 905-625-6348 Mississauga,
> Canada
> E-Mail: tneto@komatsu.ca L4W 1P9
>
-----------------------------------------------------------
>
>
>
> Johnny Doe wrote:
>
> >I'm not sure whats going on. I just put a clean
> >fedora 2 install on the box and I am getting the
> same
> >exact problem. I have no idea what I'm doing wrong
> >but there is def something wrong. The only thing I
> >find wierd is that I am trying to use this with
> >dansguardian and if I stop dansguardian and comment
> >out the auth_param ntlm program /usr/bin/ntlm_auth
> >--helper-protocol=squid-2.5-ntlmssp it still doenst
> >let me out. I keep getting denied in the access
> log.
> >--- Adam Aube <aaube01@baker.edu> wrote:
> >
> >
> >
> >>Please reply to the list and not to me personally.
> >>
> >>Johnny Doe wrote:
> >>
> >>
> >>>--- Adam Aube <aaube01@baker.edu> wrote:
> >>>
> >>>
> >>>>Since you didn't explicitly show it, I'm going
> to
> >>>>
> >>>>
> >>guess that you did a
> >>
> >>
> >>>>"su squid" before running wbinfo.
> >>>>
> >>>>
> >>>>Have you added any winbind lines to
> nsswitch.conf
> >>>>
> >>>>
> >>or PAM? If all you are
> >>
> >>
> >>>>using winbind for is Squid integration with a
> >>>>
> >>>>
> >>Windows domain, you don't
> >>
> >>
> >>>>need those lines and can take them out.
> >>>>
> >>>>
> >>>>Just to be thorough, can you post your smb.conf
> >>>>
> >>>>
> >>file and the output of
> >>
> >>
> >>>>"squid -v"?
> >>>>
> >>>>
> >>>Yes I did su over to squid before running that
> >>>
> >>>
> >>command. I'm not sure you
> >>
> >>
> >>>ment by the if I changed pam but here is the
> squid
> >>>
> >>>
> >>file from
> >>
> >>
> >>>the /etc/pam.d
> >>>
> >>>
> >>>#%PAM-1.0
> >>>auth required pam_stack.so
> >>>
> >>>
> >>service=system-auth
> >>
> >>
> >>>account required pam_stack.so
> >>>
> >>>
> >>service=system-auth
> >>
> >>
> >>
> >>>Here is a copy of my nsswitch.conf
> >>>
> >>>
> >>>passwd: files nisplus
> >>>shadow: files nisplus
> >>>group: files nisplus
> >>>hosts: files nisplus dns
> >>>bootparams: nisplus [NOTFOUND=return] files
> >>>ethers: files
> >>>netmasks: files
> >>>networks: files
> >>>protocols: files winbind nisplus
> >>>rpc: files
> >>>services: files winbind nisplus
> >>>netgroup: files winbind nisplus
> >>>publickey: nisplus
> >>>automount: files winbind nisplus
> >>>aliases: files nisplus
> >>>
> >>>
> >>>smb.conf
> >>>
> >>>
> >>>[global]
> >>> workgroup = SMC
> >>> server string = SMCSquid Samba Server
> >>> winbind uid = 10000-20000
> >>> winbind gid = 10000-20000
> >>> winbind enum users = yes
> >>> winbind enum groups = yes
> >>> template homedir = /home/winnt/%D/%U
> >>> template shell = /bin/bash
> >>> printcap name = /etc/printcap
> >>> load printers = yes
> >>> log file = /var/log/samba/%m.log
> >>> max log size = 50
> >>> security = domain
> >>> password server = smcnt3
> >>> encrypt passwords = yes
> >>> smb passwd file = /etc/samba/smbpasswd
> >>> unix password sync = Yes
> >>> passwd program = /usr/bin/passwd %u
> >>> passwd chat = *New*UNIX*password* %n\n
> >>>
> >>>
> >>*ReType*new*UNIX*password* %n\n
> >>
>
>>*passwd:*all*authentication*tokens*updated*successfully*
> >>
> >>
> >>
> >>> socket options = TCP_NODELAY SO_RCVBUF=8192
> >>>
> >>>
> >>SO_SNDBUF=8192
> >>
> >>
> >>> local master = no
> >>> os level = 33
> >>> dns proxy = no
> >>> idmap uid = 16777216-33554431
> >>> idmap gid = 16777216-33554431
> >>> template shell = /bin/bash
> >>> winbind use default domain = yes
> >>> password server = smcnt3
> >>>[homes]
> >>> comment = Home Directories
> >>> browseable = no
> >>> writable = yes
> >>>[printers]
> >>> comment = All Printers
> >>> path = /var/spool/samba
> >>> browseable = no
> >>> guest ok = no
> >>> writable = no
> >>> printable = yes
> >>>
> >>>
> >>>squid -v
> >>>Squid Cache: Version 2.5.STABLE5
> >>>configure options: --host=i386-redhat-linux
> >>>
> >>>
> >>--build=i386-redhat-linux
> >>
>
=== message truncated ===
__________________________________
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo
Received on Wed Jul 28 2004 - 12:07:39 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:03 MDT