RE: [squid-users] Ntlm auth

From: <duranm@dont-contact.us>
Date: Mon, 4 Apr 2005 17:37:10 -0300

Ok, I compiled samba with the follow options

nbsf000si10:/usr/src/samba-3.0.13/source# ./configure --with-ldap --with-fhs
--enable-shared --enable-static --prefix=/usr --sysconfdir=/etc
--libdir=/etc/samba --with-privatedir=/etc/samba
--with-piddir=/var/run/samba --localstatedir=/var --with-netatalk
--with-smbmount --with-pam --with-syslog --with-utmp --with-readline
--with-pam_smbpass --with-libsmbclient --with-winbind --with-msdfs
--with-automount --with-acl-support --with-tdbsam

I check wbinfo
nbsf000si10:/usr/src/samba-3.0.13/source# wbinfo -t
checking the trust secret via RPC calls succeeded

I check the plain auth

nbsf000si10:/var/log/samba# /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
Myuser mypass
OK

I have this lines in squid.conf

auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

acl Authenticated proxy_auth REQUIRED
http_access allow Authenticated

BUT DOESN´T WORK !!!!
If I try with IE, I have the standard ie error page _The page cannot be
displayed­­_ and the log say

1112646622.054 0 172.16.254.231 TCP_DENIED/407 1741 GET
http://www.squid-cache.org/ - NONE/- text/html
1112646622.059 0 172.16.254.231 TCP_DENIED/407 1745 GET
http://www.squid-cache.org/ - NONE/- text/html
1112646622.091 0 172.16.254.231 TCP_DENIED/407 1741 GET
http://www.squid-cache.org/ - NONE/- text/html
1112646622.132 0 172.16.254.231 TCP_DENIED/407 1745 GET
http://www.squid-cache.org/ - NONE/- text/html

Four (4) entrys from one access try

If I use Firefox (must ask me for usr/pass, but don´t) just I have the squid
error page
ERROR
Cache Access Denied

And the squid.log say
1112646702.030 24 172.16.254.231 TCP_DENIED/407 1741 GET
http://www.squid-cache.org/ - NONE/- text/html
1112646702.167 9 172.16.254.231 TCP_DENIED/407 1745 GET
http://www.squid-cache.org/ - NONE/- text/html

Two entrys from one access

I´m very very very very disappointed, please, I need a light in this way

Regards

-----Original Message-----
From: Marco Aurelio Monteiro [mailto:mmonteiro-lista@viaconnect.com.br]
Sent: Friday, April 01, 2005 3:00 PM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Ntlm auth

Read this (Brazilian Portuguese):
http://lists.debian.org/debian-user-portuguese/2004/06/msg01225.html

You should compile Samba from source using special parameters not used by
Debian-Samba mantainers.

duranm@bancobsf.com.ar wrote:
> Ops, I forget to say I'm using Debian Sarge, samba Version
> 3.0.10-Debian, squid-2.5.STABLE9, kernel 2.4.28

-- 
Atenciosamente,
    Marco Aurelio Monteiro
     Analista de suporte
  mmonteiro@viaconnect.com.br
--------------------------------
Viaconnect - Conectividade Total
    Fone: +55 (54) 2101-5500
Received on Mon Apr 04 2005 - 14:37:30 MDT

This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:03 MDT