Re: [squid-users] squidnt2.5 stable 10 ntlm authentication

From: Serassio Guido <guido.serassio@dont-contact.us>
Date: Sat, 29 Oct 2005 09:55:10 +0200

Hi,

At 04.31 29/10/2005, tan hs wrote:
>I am new to Squid. I got the SquidNT2.5 installed and everything works
>well. I tried the win32_auth and it works well too. I don't quite like it
>and I tried the ntlm. Everythings works fine also except I found
>out that if I tried to get the win32_check_group to grap a file which
>contains the global group it failed to works. If I make it direct to
>the acl line it works well. Just wonder what could goes wrong.
>
>FYI, I have an NT4.0 PDC with a global group "gproxy".
>
>I checked the cache log file, and I got this error msg.
>/win32_check_group.exe NetUserGetGroups() failed.
>
>I have tried to search on the archive, but I could find a good solution.
>
>The following is an abstract of the squid.conf configuration file.
>...
>auth_param ntlm program d:/squid/libexec/win32_ntlm_auth.exe
>auth_param ntlm children 5
>auth_param ntlm max_challenge_reuses 0
>auth_param ntlm max_challenge_lifetime 2 minutes
>auth_param ntlm use_ntlm_negotiate on
>
>external_acl_type NT_global_group %LOGIN
>d:/squid/libexec/win32_check_group.exe -D NMSCDOM -G -P

-D and -P option should not be needed for you. Usually they are used
for special configurations, but this should be not related to your problem.

># the next line is not working... tried many ways, this file contains
>only gproxy
># with or without double quotes
>#acl GProxyUsers external NT_global_group "d:/squid/etc/iusers"
>acl GProxyUsers external NT_global_group gproxy
>http_access allow GProxyUsers

You should check with cachemgr.cgi (or with squidclient
http://www.squid-cache.org/mail-archive/squid-users/200402/0919.html)
how is parsed squid.conf.

You could add the -d option to win32_check_group.exe to get more
debug info (don't forget to remove it when finished).

Regards

Guido

-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Sat Oct 29 2005 - 01:55:52 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:05 MST