RE: [squid-users] ntlm_auth seems to have losts it mind

That took care of that part, it now works from the command prompt but when I try to visit a page now it says

While trying to retrieve the URL: http://www.google.com/

The following error was encountered:

    * Cache Access Denied.

Sorry, you are not currently allowed to request:

    http://www.google.com/

from this cache until you have authenticated yourself.

For ntlm helpers I have
/usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
And for basic
/usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic


Acl

acl msad proxy_auth REQUIRED
http_access allow msad

Does anyone know of a relevant guide that covers install samba and squid3 and implementing msad authentication that utilizes ntlm? This was much easier to do with the supplied rpms with redhat but the versions supplied are old and out of date.

Jeremy



-----Original Message-----
From: Kinkie [mailto:gkinkie@gmail.com]
Sent: Wednesday, March 19, 2008 2:46 AM
To: Amos Jeffries
Cc: Martin, Jeremy; squid-users@squid-cache.org
Subject: Re: [squid-users] ntlm_auth seems to have losts it mind

On Wed, Mar 19, 2008 at 7:07 AM, Amos Jeffries <squid3@treenet.co.nz> wrote:
> Martin, Jeremy wrote:
> > Ok here is my issue, I have compiled and installed the latest stable version of squid and samba, and all seemed well until I tried the following command and got the following output. Anyone have any idea why this is not working like it used to, on my other box it will give the prompt where I can enter my username and password and it returns ok. Wbinfo -u and -g will populate the user and group info so I am pretty sure that is setup correctly, I just seem to be missing something here .
> >
> > Thanks
> > Jeremy
> >
> > debian:/usr/local/squid/libexec# ./ntlm_auth --helper-protocol=squid-2.5-basic
> > ./ntlm_auth: invalid option -- -
> > unknown option: -?. Exiting
> > ./ntlm_auth usage:
> > ./ntlm_auth [-b] [-f] [-d] [-l] domain\controller [domain\controller ...]
> > -b enables load-balancing among controllers
> > -f enables failover among controllers (DEPRECATED and always active)
> > -l changes behavior on domain controller failyures to last-ditch.
> > -d enables debugging statements if DEBUG was defined at build-time.
> >
> > You MUST specify at least one Domain Controller.
> > You can use either \ or / as separator between the domain name
> > and the controller name
> > ./ntlm_auth: invalid option -- h
> <snip the loop>
>
> Weird, but it is saying --helper-option= is not one of the command-line
> options.
>
> I think that is a squid internal option to tell squid how to connect to
> the helper.

Jeremy, you're using the squid-supplied NTLM helper, and not the Samba
one. I suggest you change that to the helper written by the Samba team
(and which understands the helper-protocol option)

--
 /kinkie

--
This message was scanned by ESVA and is believed to be clean.
Click here to report this message as spam.
http://spam.emcc.edu/cgi-bin/learn-msg.cgi?id=5C81729E75.7C831


Received on Wed Mar 19 2008 - 15:31:53 MDT