RE: [squid-users] Dansguardian Squid NTLM

From: Paul Matthews <paul.matthews@dont-contact.us>
Date: Fri, 14 Oct 2005 11:34:23 +1000

Just an update on this message

I've got it running ... kinda

I've got Firefox beta installed on my machine and when I run it through my
squid proxy server with ntlm, it shows up with domain\username in my log
files, but when I run IE with the same settings it shows up with a '-' in my
log files? When I log onto a machine not attached to the domain and try to
access my proxy server it doesn't ask for authentication.

In my DansGuardian configuration file I have

usernameidmethodproxyauth = on

And my squid ACLs

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl ntlm_auth proxy_auth REQUIRED
acl localnet src 192.168.0.0/255.255.254.0

my squid http_access rules

http_access allow localhost
http_access allow ntlm_auth

NTLM authentication rules

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minute
auth_param ntlm use_ntlm_negotiate on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
auth_param basic casesensitive off

-----Original Message-----
From: Paul Matthews [mailto:paul.matthews@cathedral.qld.edu.au]
Sent: Friday, 14 October 2005 10:21
To: squid-users@squid-cache.org
Subject: [squid-users] Dansguardian Squid NTLM

Hi there

I've got my RHEL 4 box to authenticate using NTLM. Now I want to run
DansGuardian, I have edited in the '/etc/dansguardian/dansguardian.conf'
file to say

usernameidmethodproxyauth = on

I have DansGuardian running on 8080 and squid on 3128. When I run IE via
3128 all is good, but when I run it via 8080 I get 'The page cannot be
displayed' - 'Cannot find server or DNS Error Internet Explorer'??

Does anyone have a good setup, or a how-to guide for running these two programs
together using NTLM?

Do I need to change some ACLs to run squid/ntlm with squid?

When I place the 'http_access allow localhost' before the 'http_access allow
ntlm_auth' then DansGuardian works, but in the DansGuardian log file it does
not log the domain\username.
Received on Thu Oct 13 2005 - 19:34:27 MDT
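
The rule-order effect described in the last paragraph of the original message, as an added example that is not part of either message: Squid walks http_access lines in order and stops at the first match, so a connection from 127.0.0.1 (assumed here to be DansGuardian on the same host) is allowed before the proxy_auth ACL is ever evaluated and no username is requested. The function names, the AUTH_FIRST variant and the sample client address are made up for the illustration.

```python
import ipaddress

# The two ACLs and two rules from the message that decide the outcome.
SQUID_CONF = """\
acl localhost src 127.0.0.1/255.255.255.255
acl ntlm_auth proxy_auth REQUIRED
http_access allow localhost
http_access allow ntlm_auth
"""
# Same ACLs with the two http_access lines swapped (constructed variant).
AUTH_FIRST = """\
acl localhost src 127.0.0.1/255.255.255.255
acl ntlm_auth proxy_auth REQUIRED
http_access allow ntlm_auth
http_access allow localhost
"""

def parse(conf):
    """Collect acl definitions and http_access rules, ignoring # comments."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"] and len(tok) >= 4:
            acls[tok[1]] = (tok[2], tok[3])
        elif tok[:1] == ["http_access"] and len(tok) >= 3:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, client_ip, user=None):
    """First-match walk; returns (action, rule_index, auth_was_evaluated)."""
    acls, rules = parse(conf)
    for idx, (action, names) in enumerate(rules):
        auth_seen = False
        for name in names:
            kind, value = acls[name]
            if kind == "src":
                net = ipaddress.ip_network(value, strict=False)
                if ipaddress.ip_address(client_ip) not in net:
                    break                      # rule does not match, try next
            elif kind == "proxy_auth":
                auth_seen = True
                if user is None:               # no credentials yet: 407 challenge
                    return ("challenge", idx, True)
            else:
                break                          # other ACL types not modelled here
        else:
            return (action, idx, auth_seen)    # every ACL on the line matched
    return ("deny", None, False)  # simplified; Squid inverts the last rule's action
```
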
