Hi,
Il 16.42 10/02/2005 Michael Wassell ha scritto:
>Hi All;
>
>I'm going to try to make this short and sweet...
>
>I'm very new to Squid and I'm in the process of trying to configure
>SquidNT with NTLM authentication. I've found multiple sources of
>information by googling and it would seem that to configure NTLM
>authentication for Squid I'm going to have to use auth_param in
>conjunction with external_acl_type to check NT local/global groups for
>membership.
>
>My question is the usage of the external_acl_type parameter. I haven't
>been able to locate any full documentation on the usage and I can't
>quite understand what I am doing wrong so I figured this would be the
>best place to come :-)
The documentation is included in the binary package in the doc directory.
>
>Right now I have the following lines in my squid.conf (relevant to
>authentication):
>
>auth_param ntlm c:/squid/libexec/ntlm_win32_auth.exe
>auth_param ntlm children 5
>auth_param ntlm max_challenge_reuses 0
>auth_param ntlm max_challenge_lifetime 2 minutes
>auth_param ntlm use_ntlm_negotiate on
If you are really using SquidNT 2.5 STABLE3, this configuration is wrong:
The option
auth_param ntlm use_ntlm_negotiate on
was available starting STABLE 5 version of Squid.
>(basic authentication is commented out temporarily)
>
>acl CONNECT method CONNECT
>acl MYLAN src 192.168.6.0-192.168.6.254/255.255.255.0
>acl Authenticated proxy_auth REQUIRED
>
>external_acl_type NT_global_group %LOGIN
>c:/squid/libexec/win32_check_group.exe -G -d -c
>acl GProxyUsers external NT_global_group Internet_Access
>
>http_access allow GProxyUsers Authenticated
>
>SquidNT will not start with the above configuration, by commenting out
>these lines:
>
># external_acl_type NT_global_group %LOGIN
># c:/squid/libexec/win32_check_group.exe -G -d -c
># acl GProxyUsers external NT_global_group Internet_Access
>
If I remember right, I have added the -c option to win32_check_group.exe
after STABLE3.
>SquidNT will start OK, but of course that defeats the purpose.
>
>Just so that everyone knows, SquidNT has been pre-compiled with all of
>the necessary "helpers".
>
In the binary package there is anything needed for full NTLM support.
>Any help would be greatly appreciated :-)
You MUST update to STABLE7, your current Squid version is very outdated.
Regards
Guido
-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426 Fax. : +39.011.3293665
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Thu Feb 10 2005 - 09:03:23 MST
This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST