[squid-users] problems with ntlm_auth

From: Stuart Chase <schase@dont-contact.us>
Date: Sat, 27 Nov 2004 11:06:53 -0700

Hello,

I have set up squid, samba, got the winbind to work great
wbinfo -t, -u, -g all work great
Squid also worked great until I tried to tie in NTLM_Auth
If I authenticate using /usr/bin/ntlm_auth --username=administrator

It authenticates perfectly.

I have this in my squid.conf

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 45
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

And my ACLs

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
http_access allow localhost
acl AuthorizedUsers proxy_auth REQUIRED
http_access allow all AuthorizedUsers
http_access deny all
http_reply_access allow all

And if I try to browse any website at all, the squid access.log shows
TCP_DENIED/407

In the squid cache.log I can see it authenticateValidateUser: Validating
Auth_user request '0x8487f80'
Then authenticateValidateUser: Validated Auth_user request '0x8487f80'
Then
User not fully authenticated
It will continue like that counting 4,3,2,1 And will eventually say
The request GET http://www.yahoo.com/ is DENIED, because it matched
'AuthorizedUsers'
Access Denied: http://www.yahoo.com
AclMatchedName = AuthorizedUsers
Proxy Auth message = <NULL>

Later down the log I'll see
Creating entry 0x832c000: near 'X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0'
Creating entry 0x832c000: near 'Proxy-Authenticate: NTLM - a whole bunch of
letters, then trying more lookups.

Any ideas where I seem to be going awry here?

Thank you.
Received on Sat Nov 27 2004 - 11:08:22 MST
