Re: [squid-users] Re: Having problems with ntlm_auth in my squid.conf file

From: Ray Dermody <dermodyr@dont-contact.us>
Date: Thu, 22 Feb 2007 12:47:58 +0000

Hi,
Thanks for that Craig, that seems to have got me a bit further now. I'm
getting prompted for a username and password when I try to browse but
it is accepting nothing. Under /var/log/messages I can see ntlm_auth
(permission?) errors.

Feb 22 12:43:16 squidtest kernel: audit(1172148196.323:12): avc: denied { create } for pid=3133 comm="ntlm_auth" scontext=user_u:system_r:winbind_helper_t tcontext=user_u:system_r:winbind_helper_t tclass=udp_socket
Feb 22 12:43:16 squidtest kernel: audit(1172148196.323:13): avc: denied { create } for pid=3133 comm="ntlm_auth" scontext=user_u:system_r:winbind_helper_t tcontext=user_u:system_r:winbind_helper_t tclass=udp_socket
Feb 22 12:43:16 squidtest kernel: audit(1172148196.323:14): avc: denied { create } for pid=3133 comm="ntlm_auth" scontext=user_u:system_r:winbind_helper_t tcontext=user_u:system_r:winbind_helper_t tclass=udp_socket

Has anyone seen this error before?
Thanks in advance.

On 2/19/07, Craig Van Tassle <cvantassle@chemtool.com> wrote:
> Ray,
>
> In my squid.conf I have this for ntlm auth and it works perfectly
>
> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 80
> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Work Proxy Server
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
>
>
> Try starting out squid in the foreground with debugging turned on. That helped me
> find a lot of errors I had in my squid.conf
>
>
> Ray Dermody wrote:
> > Hi,
> >>
> >> I'm trying to get transparent authentication working to my active
> >> directory
> >> box as specified here (
> >> http://samba.org/samba/docs/man/Samba-Guide/DomApps.html ). My
> >> kerberos and
> >> smb config files work fine as klist -e, wbinfo -u and wbinfo -g returns
> >> proper results. However when I add
> >>
> >> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> >> auth_param ntlm children 5
> >> auth_param ntlm max_challenge_reuses 0
> >> auth_param ntlm max_challenge_lifetime 2 minutes
> >> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> >> auth_param basic children 5
> >> auth_param basic realm Squid proxy-caching web server
> >> auth_param basic credentialsttl 2 hours
> >> acl AuthorizedUsers proxy_auth REQUIRED
> >> http_access allow all AuthorizedUsers
> >>
> >> to my previously untouched/default squid.conf file. However when I
> >> start squid after this change I get errors in my
> >> /var/log/squid/squid.out file
> >>
> >> squid: ERROR: Could not send signal 0 to process 6193: (3) No such process
> >> squid: ERROR: Could not send signal 0 to process 6379: (3) No such process
> >> squid: ERROR: Could not send signal 0 to process 7114: (3) No such process
> >>
> >> When I do a "service squid start" it keeps adding a new PID and a
> >> "service squid stop" adds a new error to the squid.out file above.
> >> However when I uncomment all the auth_param stuff above I can shutdown
> >> and restart squid perfectly. Also when I run
> >> /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> >> --username=dermodyr manually I can authenticate perfectly. Ownership
> >> on ntlm_auth is
> >>
> >> -rwxrwxrwx 1 root squid 1170036 Feb 7 22:54 /usr/bin/ntlm_auth
> >>
> >> I'm 95% sure that my problem is with my squid.conf file (
> >> http://software.itcarlow.ie/misc/squid.conf)
> >> Have I put these new entries into the wrong section of my config file?
> >> BTW, Im running Fedora Core 6, squid-2.6.STABLE9-1.fc6, samba 3.0.24
> >> and Kerberos5.
> >> Thanks to all
Received on Thu Feb 22 2007 - 05:48:15 MST
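
The AVC denials quoted in the message above can be grouped and turned into the type-enforcement rule an administrator would review before deciding on a local SELinux policy change. This is an added example, not part of the original messages; the function names and the sample string (the three log lines from the message, rejoined) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the three denials from the message, one per line.
_DENIAL = ('Feb 22 12:43:16 squidtest kernel: audit(1172148196.323:{n}): avc: '
           'denied {{ create }} for pid=3133 comm="ntlm_auth" '
           'scontext=user_u:system_r:winbind_helper_t '
           'tcontext=user_u:system_r:winbind_helper_t tclass=udp_socket')
SAMPLE = "\n".join(_DENIAL.format(n=n) for n in (12, 13, 14))

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    # A context is user:role:type[:mls]; the type is the third component.
    return (fields.get("comm"),
            fields["scontext"].split(":")[2],
            fields["tcontext"].split(":")[2],
            fields["tclass"],
            tuple(m.group(1).split()))

def summarize(text):
    """Count identical denials so repeated log lines collapse to one entry."""
    return Counter(r for r in map(parse_avc, text.splitlines()) if r)

def candidate_rule(source_type, target_type, tclass, perms):
    """Render the allow rule that corresponds to a denial, for review only."""
    target = "self" if source_type == target_type else target_type
    perm = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {source_type} {target}:{tclass} {perm};"

if __name__ == "__main__":
    for (comm, src, tgt, cls, perms), n in summarize(SAMPLE).items():
        print(f"{n}x comm={comm}: {candidate_rule(src, tgt, cls, perms)}")
```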
