Re: [squid-users] NTLM auth syntax on squid-2.6.STABLE4

From: Adrian Chadd <adrian@dont-contact.us>
Date: Wed, 1 Nov 2006 21:02:45 +0800

Check out the Wiki; I have a working ntlm_auth based squid-2.6 setup documented
in ConfigExamples.

Adrian

On Wed, Nov 01, 2006, P D wrote:
> Hi,
> I'm trying to get squid (ver 2.6.STABLE4) setup on a RHEL4 environment.
> I'm trying to get the squid setup to act as a transparent proxy, using
> NTLM to log active-directory usernames. When I initalise the squid
> cache (/usr/sbin/squid -z) everything works ok, but when I get to
> starting up the squid program (/usr/sbin/squid) I'm getting a number
> of warnings about the basicauthenticator helper..
>
> (squid): The basicauthenticator helpers are crashing too rapidly, need help!
> squid[7978]: Squid Parent: child process 8112 exited due to signal 6
> squid[7978]: Exiting due to repeated, frequent failures
>
> my first thought was to check the cache.log and got the following:
>
> helperStatefulOpenServers: Starting 15 'ntlm_auth' processes
> helperOpenServers: Starting 15 'ntlm_auth' processes
> Usage: (ntlm_auth) [OPTION...]
>
> which indicates that I've got my squid conf wrong...my squid.conf
> looks like this
>
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 15
> auth_param ntlm keep_alive on
> auth_param basic program /usr/bin/ntlm_auth
> auth_param basic children 15
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
>
> the problem I believe is down to the syntax of my ntlm_auth command.
> I tried testing the ntlm_auth program directly (/usr/bin/ntlm_auth) to
> see if I could find the problem.. I get the following back:
> ./ntlm_auth --helper-protocol
> username must be specified!
>
> I'm not sure what information I have to pass into the "./ntlm_auth
> --helper-protocol..." line.
> My thoughts were that "--helper-protocol=squid-2.5-ntlmssp" bit is
> wrong, but I'm not sure what to put in... any assistance would be
> gratefully appreciated.
>
> I have the samba side working ok, I have no problems in getting the
> groups or user information from AD using "wbinfo" calls..
>
> thanks in advance
>
> PD
>
>
>
>
> ./ntlm_auth --helper-protocol
> username must be specified!
Received on Wed Nov 01 2006 - 05:58:58 MST

This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:02 MST