[squid-users] Re: Failure with squid and NTLM auth

From: Lars Roland <lroland@dont-contact.us>
Date: Fri, 17 Sep 2004 17:13:32 +0200

Well after using --helper-protocol=squid-2.5-ntlmssp it works better,
only problem now is getting log info out of winbindd/samba/squid,
inorder to determin why my suplied user credientials/password does not
grant me acces to the intenet.

Regards.

Lars Roland

On Fri, 17 Sep 2004 15:41:42 +0200, Lars Roland <lroland@gmail.com> wrote:
> Hi All
>
> I have build squid 2.5-STABLE6 on redhat 7.3 with the the folowing command
>
> /configure --prefix=/usr/local/squid --sysconfdir=/etc/squid
> --enable-auth="ntlm,basic"
> --enable-external-acl-helpers="wbinfo_group"
> --with-samba-sources=/opt/samba-3.0.6
>
> I use samba 3.0.6 and it is build with
>
> ./configure --with-winbind --prefix=/usr/local/samba
> --sysconfdir=/etc/samba --with-configdir=/etc/samba
> --with-privatedir=/etc/samba/private --with-lockdir=/var/lock
> --with-smbmount --with-quotas --with-winbind-auth-challenge
> --with-automount
>
> I have a windows 2000 domain runinng active directory, my smb.conf is
> fine as I can execute both wbinfo -t and wbinfo -u without any
> problems. The part of my squid conf that deals with ntlm looks like
> this
>
> auth_param ntlm program /usr/local/samba/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
> auth_param ntlm use_ntlm_negotiate off
> auth_param basic program /usr/local/samba/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> external_acl_type nt_group ttl=0 concurrency=5 %LOGIN
> /usr/local/squid/libexec/wbinfo_group.pl
>
> I i try this proxy using a windows XP workstation, running ie6 then I
> get the folowing error in
> /var/log/messages:
>
> authenticateNTLMHandleReply: *** Unsupported helper response ***, 'ERR'
>
> In /car/log/squid/acced.log i get:
>
> 1095427620.272 2 172.29.10.137 TCP_DENIED/407 587 GET
> http://www.kde.org/ - NONE/- text/html
>
> I have debuging set as: debug_options ALL,1 29,9 (ia also tried
> debug_options ALL,1 33,2, this did not change anything).
>
> Does anyone have an idea where I can go from here in order to break
> this problem down to smaller peaces, the messages in /var/log/messages
> are not excatly that helpfull.
>
> Regards.
>
> Lars Roland
>
Received on Fri Sep 17 2004 - 09:15:43 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:02 MDT