[squid-users] Ntlm auth

From: <duranm@dont-contact.us>
Date: Fri, 1 Apr 2005 12:36:35 -0300

Well... I am trying to authenticate my squid against an AD. I searched the web,
forums, and a lot of other things, and I got samba and winbind working. Later, I
compiled squid with ntlm support (without ssl ;)), but I can't make it work. IE
just shows me _The page cannot be displayed_ and the typical IE error page;
Firefox shows me the squid error page with an auth error. I understand that
mozilla should ask me for a user and password, but it just shows me the error
page. Let me show some parts of my config.

nbsf000si10:/etc/squid# wbinfo -t
checking the trust secret via RPC calls succeeded

nbsf000si10:/etc/squid# /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
myuserhere mypasshere
OK

I compiled squid with this line

./configure --prefix=/usr --datadir=/usr/share --localstatedir=/var \
  --sysconfdir=/etc/squid --infodir=/usr/share/info --mandir=/usr/share/man \
  --enable-snmp --enable-auth=ntlm,basic \
  --enable-external-acl-helpers=wbinfo_group

In my squid.conf I have this (and a lot more, but only what is below is important)

        auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
        auth_param ntlm children 30
        auth_param ntlm max_challenge_reuses 0
        auth_param ntlm max_challenge_lifetime 2 minutes

        auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
        auth_param basic children 5
        auth_param basic realm Squid proxy-caching web server
        auth_param basic credentialsttl 2 hours

And this
        
        acl Authenticated proxy_auth REQUIRED
        http_access allow Authenticated
        http_access deny all
        cache_effective_user squid
        cache_effective_group squid

My cache log says this
2005/04/01 12:07:05| Starting Squid Cache version 2.5.STABLE9 for i686-pc-linux-gnu...
2005/04/01 12:07:05| Process ID 1297
2005/04/01 12:07:05| With 1024 file descriptors available
2005/04/01 12:07:05| DNS Socket created at 0.0.0.0, port 32867, FD 6
2005/04/01 12:07:05| Adding nameserver 172.16.1.107 from /etc/resolv.conf
2005/04/01 12:07:05| helperStatefulOpenServers: Starting 30 'ntlm_auth' processes
2005/04/01 12:07:06| helperOpenServers: Starting 5 'ntlm_auth' processes
2005/04/01 12:07:07| Unlinkd pipe opened on FD 46
2005/04/01 12:07:07| Swap maxSize 102400 KB, estimated 7876 objects
2005/04/01 12:07:07| Target number of buckets: 393
2005/04/01 12:07:07| Using 8192 Store buckets
2005/04/01 12:07:07| Max Mem size: 8192 KB
2005/04/01 12:07:07| Max Swap size: 102400 KB
2005/04/01 12:07:07| Rebuilding storage in /var/spool/squid (CLEAN)
2005/04/01 12:07:07| Using Least Load store dir selection
2005/04/01 12:07:07| Current Directory is /
2005/04/01 12:07:07| Loaded Icons.
2005/04/01 12:07:07| Accepting HTTP connections at 0.0.0.0, port 3128, FD 48.
2005/04/01 12:07:07| Accepting ICP messages at 0.0.0.0, port 3130, FD 49.
2005/04/01 12:07:07| Accepting SNMP messages on port 3401, FD 50.
2005/04/01 12:07:07| WCCP Disabled.
2005/04/01 12:07:07| Ready to serve requests.
2005/04/01 12:07:07| Done reading /var/spool/squid swaplog (99 entries)
2005/04/01 12:07:07| Finished rebuilding storage from disk.
2005/04/01 12:07:07| 99 Entries scanned
2005/04/01 12:07:07| 0 Invalid entries.
2005/04/01 12:07:07| 0 With invalid flags.
2005/04/01 12:07:07| 99 Objects loaded.
2005/04/01 12:07:07| 0 Objects expired.
2005/04/01 12:07:07| 0 Objects cancelled.
2005/04/01 12:07:07| 0 Duplicate URLs purged.
2005/04/01 12:07:07| 0 Swapfile clashes avoided.
2005/04/01 12:07:07| Took 0.3 seconds ( 299.9 objects/sec).
2005/04/01 12:07:07| Beginning Validation Procedure
2005/04/01 12:07:07| Completed Validation Procedure
2005/04/01 12:07:07| Validated 99 Entries
2005/04/01 12:07:07| store_swap_size = 1748k
2005/04/01 12:07:08| storeLateRelease: released 0 objects

The winbind pipe is in /var/run/samba
drwxr-x--- 2 root squid 72 Apr 1 11:40 winbindd_privileged
        srwxrwxrwx 1 root squid 0 Apr 1 11:40 pipe

And finally, the squid pam file has

nbsf000si10:/etc/pam.d# cat squid
auth required /lib/security/pam_winbind.so
account required /lib/security/pam_winbind.so

The access.log shows me the 407 error (proxy auth required)
1112369138.221 1 172.16.1.43 TCP_DENIED/407 1741 GET http://www.squid-cache.org/ - NONE/- text/html
1112369138.236 2 172.16.1.43 TCP_DENIED/407 1745 GET http://www.squid-cache.org/ - NONE/- text/html
1112369138.286 1 172.16.1.43 TCP_DENIED/407 1741 GET http://www.squid-cache.org/ - NONE/- text/html
1112369138.302 2 172.16.1.43 TCP_DENIED/407 1745 GET http://www.squid-cache.org/ - NONE/- text/html

I don't know why it is not working; maybe my brain is tired. I'm clogged,
disappointed, confused and have a lot of negative feelings..... Can anybody
show me the way to make me happy?
Oops, I forgot to say I'm using Debian Sarge, samba Version 3.0.10-Debian,
squid-2.5.STABLE9, kernel 2.4.28

Regards, Mauricio
Received on Fri Apr 01 2005 - 08:36:52 MST
