Hi All;
I'm going to try to make this short and sweet...
I'm very new to Squid and I'm in the process of trying to configure
SquidNT with NTLM authentication. I've found multiple sources of
information by googling and it would seem that to configure NTLM
authentication for Squid I'm going to have to use auth_param in
conjunction with external_acl_type to check NT local/global groups for
membership.
My question is the usage of the external_acl_type parameter. I haven't
been able to locate any full documentation on the usage and I can't
quite understand what I am doing wrong so I figured this would be the
best place to come :-)
Right now I have the following lines in my squid.conf (relevant to
authentication):
auth_param ntlm c:/squid/libexec/ntlm_win32_auth.exe
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate on
(basic authentication is commented out temporarily)
acl CONNECT method CONNECT
acl MYLAN src 192.168.6.0-192.168.6.254/255.255.255.0
acl Authenticated proxy_auth REQUIRED
external_acl_type NT_global_group %LOGIN
c:/squid/libexec/win32_check_group.exe -G -d -c
acl GProxyUsers external NT_global_group Internet_Access
http_access allow GProxyUsers Authenticated
SquidNT will not start with the above configuration, by commenting out
these lines:
# external_acl_type NT_global_group %LOGIN
# c:/squid/libexec/win32_check_group.exe -G -d -c
# acl GProxyUsers external NT_global_group Internet_Access
SquidNT will start OK, but of course that defeats the purpose.
Just so that everyone knows, SquidNT has been pre-compiled with all of
the necessary "helpers".
Any help would be greatly appreciated :-)
Thanks!!!
Received on Thu Feb 10 2005 - 08:43:28 MST
This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST