Re: [squid-users] Problem setting up SquidNT and NT Authentication

hi Tom,
I had a little bit the same problem as yuo last week. I am only used the
basis authentifaction for the clients. I got a good help from Serassio
Guido about this topic . He wrote:

You can find a Window build of NCSA tools in the Squid for Windows
download
page.
http://www.acmeconsulting.it/SquidNT.html

Her are some information about the basic authenfication:

-> You need a passwd-file for the basic authenfication.

-> You must write the username and the password with the programm
htpasswd.exe in this file (you will find the programm at the side http://www.acmeconsulting.it/SquidNT.html)

-> You must write the filename and the name of path file the passwd into
the Sqiud.conf. For example:
auth_param basic program /squid/libexec/ncsa_auth.exe /squid/etc/passwd
 
 -> I started the process auth_param.exe separat after I have started the
squid proxy

After that it works fine.

Best regards
Clemens

From: "Tom Cannaerts" <t.cannaerts@unec.be> on 20.06.2005 09:28 ZE2

To:
<squid-users@squid-cache.org>

cc:

Subject:
[squid-users] Problem setting up SquidNT and NT Authentication

Hi, I'm new to Squid, and I can't seem to solve this problem (probably
overlooking something)

I'm using SquidNT running on a Windows Server 2003 Active Directory
controller, and want to restrict access to a specific Windows user group
(InternetUsers).
What happens is that I always get a permission denied page, and the
browser does not prompt me for a username/password (tried both IE and
FireFox).
I found a linux example on how this should be done (using a perl
script), and changed it to use the exe files supplied with SquidNT, but
it ain't working.

Here are the relevant lines of my squid.conf

auth_param ntlm program c:/squid/libexec/win32_ntlm_auth.exe
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off

auth_param basic program c:/squid/libexec/NT_auth.exe
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

external_acl_type NT_local_group %LOGIN
c:/squid/libexec/win32_check_group.exe
acl LProxyUsers external NT_local_group InternetUsers
acl password proxy_auth REQUIRED
http_access allow password LProxyUsers
http_access deny all

If anyone has done something similar, or simply knows how this must be
done, please help me out.

Greetings,

Tom
Received on Mon Jun 20 2005 - 03:07:10 MDT