Re: [squid-users] suse 9.1 preinstalled squid3

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 25 Aug 2004 19:07:38 +0200 (CEST)

On Wed, 25 Aug 2004, Mrvka Andreas wrote:

> i have suse linux 9.1 where squid3 is precompiled

Hmm.. I think I have to go and shoot someone at SuSE.. Squid3 is not yet
released and way away from a production quality release. Having this
included in a OS release is pure madness on the level of playing russian
roulette.

> but i dont get it running authenticating my users with active directory.
>
> here my squid.conf:
> [...]
> auth_param basic program /usr/sbin/squid_ldap_auth -p 389 -u cn -R -b
> dc=subdomain,dc=domain,dc=com -D
> cn=administrator,cn=users,dc=subdomain,dc=domain,dc=com -w password -f cn=%s
> -h PDC

Any errors when you try this manually?

> auth_param ntlm program /usr/sbin/ntlm_auth -b DOMAIN/PDC DOMAIN/BDC

Hmm.. this program should not be in /usr/sbin/. It should be in
libexec/squid/ somewhere..

> echo "user pass" | /usr/sbin/ntlm_auth -d DOMAIN\\PDC
> ntlm-auth[6099](ntlm_auth.c:188): Adding domain-controller DOMAIN\\PDC
> ntlm-auth[6099](ntlm_auth.c:461): options processed OK
> ntlm-auth[6099](ntlm_auth.c:285): managing request
> ntlm-auth[6099](ntlm_auth.c:291): ntlm authenticator. Got 'user pass' from
> Squid
> ntlm-auth[6099](ntlm_auth.c:441): sending 'BH Helper detected protocol error'
> to squid

This is correct. You can not test ntlm helpers manually as they expect
NTLMSSP binary blobs as input, not usernames/passwords.

Regards
Henrik
Received on Wed Aug 25 2004 - 11:07:44 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:02 MDT