Re: [squid-users] Problems with wb_ntlmauth

From: Jerry Murdock <jmurdock@dont-contact.us>
Date: Wed, 27 Oct 2004 10:35:28 -0400

You should be using the ntlm_auth helper from Samba, not the squid wb_*
helpers.

Also check permissions on the winbind pipe.

See the squid FAQ and pay attention to the differences between Samba 2.x
and 3.x.

Jerry

----- Original Message -----
From: "Ian Large" <ian.large@salvesen.com>
To: <squid-users@squid-cache.org>
Sent: Wednesday, October 27, 2004 10:20 AM
Subject: [squid-users] Problems with wb_ntlmauth

> Hi
>
> I've been banging my head against a wall for too long and I
> hope someone can enlighten me as to what I am doing wrong. I
> have been trying to get a squid proxy (using NT4 domain
> logons) working on a RHEL WS 3.0 server and had some success
> using basic authentication. The problem is that I want to
> pass the login details to Websense Enterprise for content
> filtering which requires the use of wb_ntlmauth.
>
> I have some documentation provided by Websense that says I
> need to ensure that Samba is built with --with-winbind and
> --with-winbind-auth-challenge (which it is - now) and also
> gave me the chunk of squid.conf to make it work:
>
> auth_param ntlm program /usr/lib/squid/wb_ntlmauth
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
>
> auth_param basic children 5
> auth_param basic realm Salvesen Proxy
> auth_param basic credentialsttl 2 hours
>
> This passes verification and starts up okay but whenever a
> client tries to connect I see the following in cache.log:
>
> (wb_ntlmauth)[2818](wb_ntlm_auth.c:414): Can't contact winbindd. Dying
>
> The wbinfo command works with -t, -u, -g, -a
> getent passwd and getent group both work
> I can connect to shares with my desktop PC and open Server
> Manager
> I just can't understand why it is not working...
>
> I am running Samba/winbindd version 3.0.7-1.3E and Squid
> 2.5.STABLE3, both provided by RedHat
> --
> Ian Large
Received on Wed Oct 27 2004 - 08:35:41 MDT
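
The reply's advice to check permissions on the winbind pipe can be turned into a repeatable check. The script below is an added example, not part of the thread and not Squid or Samba code. It assumes Samba 3.x keeps the privileged pipe in a directory (commonly named winbindd_privileged) that the proxy's group must be able to enter. The function name, the directory path and the gid are placeholders to adjust for the local build.

```shell
#!/bin/sh
# Added example (not from the thread). Checks that a proxy helper running
# with numeric group id GID can reach winbindd's privileged pipe directory.

# check_winbind_dir DIR GID
# Returns 0 when DIR exists, is group-owned by GID, gives that group r-x,
# and gives "other" nothing; prints each problem and returns 1 otherwise.
check_winbind_dir() {
    dir=$1
    want_gid=$2
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is missing (winbindd not started, or another path)"
        return 1
    fi
    # ls -ldn prints: mode links uid gid size date name (ids kept numeric).
    set -- $(ls -ldn "$dir")
    mode=$(printf '%s' "$1" | cut -c1-10)  # drop a trailing ACL/SELinux mark
    gid=$4
    grp=$(printf '%s' "$mode" | cut -c5-7)
    oth=$(printf '%s' "$mode" | cut -c8-10)
    rc=0
    if [ "$gid" != "$want_gid" ]; then
        echo "FAIL: $dir has gid $gid, helper runs with gid $want_gid"
        rc=1
    fi
    case $grp in
        r-x|r-s) ;;
        *) echo "FAIL: group bits are '$grp', expected 'r-x'"; rc=1 ;;
    esac
    if [ "$oth" != "---" ]; then
        echo "FAIL: other bits are '$oth', directory is open beyond the group"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $dir mode $mode gid $gid"
    return "$rc"
}

# Usage: sh check.sh DIR GID
# DIR is an assumption to adjust per build, e.g. a winbindd_privileged
# directory under Samba's lock directory; GID from `id -g <proxy user>`.
if [ "$#" -eq 2 ]; then
    check_winbind_dir "$1" "$2"
fi
```

A failure on the gid or group bits means the helper cannot open the pipe even though wbinfo works when run as root.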