RE: [squid-users] Problems with ntlm_auth

From: Sorisio, Chris <ChrisSorisio@dont-contact.us>
Date: Wed, 1 Dec 2004 13:57:18 -0500

I set it to root:squid and everything seemed to work properly. Now I've
upgraded to Samba 3.0.9-1 on Fedora Core and it's not working regardless of
the pipe ownership.

-----Original Message-----
From: Ian Large [mailto:ian.large@salvesen.com]
Sent: Friday, October 29, 2004 5:49 AM
To: squid-users@squid-cache.org
Subject: [squid-users] Problems with ntlm_auth

Hi all

Environment:
RHEL WS 3.0
Samba 3.0.7-1.3E (Red Hat RPM version)
Squid 2.5.STABLE3-6.3E.2 (Red Hat RPM version)

I posted a question a couple of days ago which got me
finally pointed in the right direction to make this work.
Thanks to those who responded. However I find myself with a
little issue that I can't seem to get around. Once again, I
find myself in a position where I have a working proxy but
as soon as I attempt to add authentication I get failures.
The line I use in squid.conf is:

auth_param ntlm program /usr/lib/squid/ntlm_auth --helper-protocol=squid-2.5-ntlmssp

Every time I try to run it I get:

2004/10/29 09:04:42| helperStatefulOpenServers: Starting 30
'ntlm_auth' processes
(ntlm_auth): invalid option -- -
unknown option: -?. Exiting
(ntlm_auth) usage:
(ntlm_auth) [-b] [-f] [-d] [-l] domain\controller
[domain\controller ...]
-b enables load-balancing among controllers
-f enables failover among controllers (DEPRECATED and always
active)
-l changes behavior on domain controller failyures to
last-ditch.
-d enables debugging statements if DEBUG was defined at
build-time.

I have tried adding a domain/controller entry in between
"ntlm_auth" and "--helper..." and at the end of the line,
I've tried putting the slashes both ways and putting it in
quotes. I cannot think of any other permutations that I can
do. Winbind appears to be working well as does Samba in
general regarding access to shares. I am wondering if the
issue is "-"...the domain/controller is (like)
IT-DOM\srv-1234 and I have found other places in Linux where
dashes are not exactly helpful.

One thing I was told last time was to check the permissions
on the pipe directory; the docs I found suggested that the
squid user should be the owner but on my server it was
root/root. I changed the ownership to squid/squid and
winbind stopped working, despite adding 777 permissions. Is
this correct? Should the ownership be squid/root?

-- 
Ian Large <ian.large@salvesen.com>
IT Department, Christian Salvesen, Lodge Way,
New Duston, Northampton NN5 7SL, United Kingdom
Tel: +44 1604 737100 x760 Fax: +44 1604 737111
Received on Wed Dec 01 2004 - 11:57:13 MST
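
An added example, not part of either message above: a shell check for the pipe-directory ownership discussed in this thread, reporting the states described there (an owner other than root, the wrong group, mode 777) against the root:squid ownership the reply says worked. The function name is hypothetical, the directory path is supplied by the caller because the thread does not give it, and the rule "no world access, group may read and enter" is an assumption of this sketch. It uses GNU stat.

```shell
#!/bin/sh
# Audit owner, group and mode of winbind's pipe directory for a Squid helper.
# Usage: check_pipe_dir DIR OWNER GROUP   (e.g. DIR root squid)
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_pipe_dir() {
    dir=$1 want_owner=$2 want_group=$3
    if [ ! -d "$dir" ]; then
        echo "missing: $dir is not a directory"
        return 1
    fi
    # GNU stat: owner name, group name, octal permission bits (e.g. 750)
    set -- $(stat -c '%U %G %a' "$dir")
    owner=$1 group=$2
    mode=$(printf '%03d' "$3")          # pad short values such as "70"
    perm=${mode#"${mode%???}"}          # last three digits, drops setgid etc.
    grp=${perm#?}; grp=${grp%?}         # middle digit: group bits
    other=${perm#??}                    # last digit: world bits
    rc=0
    if [ "$owner" != "$want_owner" ]; then
        echo "owner: $dir is owned by $owner, expected $want_owner"
        rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "group: $dir has group $group, expected $want_group"
        rc=1
    fi
    if [ "$other" != 0 ]; then
        # Assumption of this sketch: a privileged pipe should not be
        # reachable by every local account, so any world bit is reported.
        echo "mode: world bits set ($perm) on $dir"
        rc=1
    fi
    if [ $(( grp & 5 )) -ne 5 ]; then
        # The helper runs as the proxy user and reaches the pipe via the group.
        echo "mode: group lacks read/execute ($perm) on $dir"
        rc=1
    fi
    return $rc
}

# Stand-alone use: sh check_pipe_dir.sh DIR OWNER GROUP
if [ "$#" -eq 3 ]; then
    check_pipe_dir "$@"
fi
```
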

This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:01 MST