Re: [squid-users] Squid 3.0-PRE3 SSL reverse proxy from Michael Wray on 2005-03-02 (squid-users)

From: Michael Wray <mwray@dont-contact.us>
Date: Wed, 2 Mar 2005 14:47:17 -0600

This may or may not fit what you are looking at, but the symptoms match some
things I've come across when upgrading squid versions:

Check your /var/log.nmbd or /var/samba/log.nmbd for errors reguarding the
winbindd.priviledged (sp?) socket. Is it possible that the user squid is
running as is different? (the winbindd socket must be owned by root with no
group ownership at startup and works for normal winbindd auth, but after
bootup if you aren't running squid as root (not recommended) you need to
change the group ownership to match squid's group and give the group write
privlidges to the socket.

Michael Wray
AIMConnect.

> Hi All,
>
> Please bear with me,
>
> I have been successfully using squid2.5 as an (http) reverse proxy for
> the last couple of years. One application is Domino Web Access, which
> required a user to then POST login credentials to Domino. The other was
> is an asp website, that requires integrated windows authentication.
> These reverse proxies used winbindd to initially authenticate users off
> an NT4 password server, then pass to these apps. The asp application was
> displayed immediately, as I presume IE used the same credential as the
> initial squid authentication, to then pass onto the app.
>
> After upgrading to Squid 3.0-PRE3 and SSL, I have been having problems
> with the ASP application proxy. The Domino Web App proxy is working very
> well.
>
> The two config files are very similar, differing only on the cache_peer
> and http_port (for crt info) lines. The symptoms of the ASP issue are,
> that after I authenticate successfully to squid/winbindd, I am prompted
> with the old three field NTLM Ruth box. Username, password and domain box.
>
> Auth is using winbindd below:
>
> ## Set up auth_param. Src was built with --enable-auth="basic"
> auth_param basic program /usr/local/samba/bin/ntlm_auth \
> --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm UCM Secure Domino Web Access
> auth_param basic credentialsttl 2 hours
>
> Any ideas, really stuck with this one? Unfortunately I have no control
> over the asp application, and it does require Integrated
> authentication.. Squid logs seem to be normal.
>
> Andrew
Received on Wed Mar 02 2005 - 13:46:58 MST

This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:01 MST