RE: [squid-users] ntlm_auth seems to have losts it mind

From: Martin, Jeremy <jmartin@dont-contact.us>
Date: Fri, 21 Mar 2008 11:25:25 -0400

Ok, I don't think I have ever had to install something that is as
frustrating as this. I have installed another "blank" box and completed
the following steps:

1. Compiled and installed applications.

Setup krb5

./autogen.sh
apt-get install libldap2-dev
./configure --enable-ntlm-auth-helpers="winbind,SMB" \
    --enable-external-acl-helpers="unix_group,wbinfo_group" \
    --enable-auth="ntlm,basic" --with-winbind-auth-challenge \
    --with-samba-sources="/opt/samba-3.0.28a/source" \
    --enable-basic-auth-helpers="winbind" --with-winbind \
    --with-winbind-auth-challenge --with-ads

net ads join -U administrator -S alpha.emcc.edu

apt-get install libssl-dev
apt-get install libsasl2-dev

./configure --enable-epoll --with-openssl= --enable-snmp \
    --enable-removal-policies=heap,lru \
    --enable-storeio=aufs,coss,diskd,null,ufs --enable-ssl \
    --enable-delay-pools --enable-linux-netfilter --with-pthreads \
    --enable-ntlm-auth-helpers=SMB,fakeauth \
    --enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group \
    --enable-auth=basic,digest,ntlm --enable-digest-auth-helpers=password \
    --with-winbind-auth-challenge --enable-useragent-log \
    --enable-referer-log --disable-dependency-tracking \
    --enable-cachemgr-hostname=localhost --enable-underscores \
    --enable-basic-auth-helpers=LDAP,MSNT,NCSA,,SMB,YP,getpwnam,multi-domain-NTLM,SASL \
    --enable-cache-digests --enable-ident-lookups \
    --with-large-files --enable-follow-x-forwarded-for

2. This time I changed the /usr/local/samba/bin/ntlm_auth to run as
root using chmod, just to make sure it has rights.
3. Created a squid user and a service group. I made squid and the
service group the owner of both the squid and samba folders in the
/usr/local.
4. wbinfo -t -g -u all do what they are supposed to and ntlm_auth at the
command prompt works correctly.
5. Start squid and point a web browser at an address and it says Cache
Access Denied, Sorry, you are not currently allowed to request:
http://www.msn.com from this cache until you have authenticated
yourself. I am not being prompted for any login info on machines that
are not part of the domain, so it is like squid is not even asking the
browser to authenticate itself.

In the log files it says TCP_DENIED/407 2672 Get http://www.msn.com/
.....
There are no errors in the cache.log file and the store.log file just
has an entry about http://www.msn.com

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Thursday, March 20, 2008 5:38 PM
To: Martin, Jeremy
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] ntlm_auth seems to have losts it mind

On Wed, 2008-03-19 at 23:49 -0400, Martin, Jeremy wrote:
> Ok, #1 should be all set wbinfo -t -g -u all work correctly #2,3 should
> be all set (did not work so I went as far as making the squid user and
> squid group owner of the folder and all the children and assigning 777
> for the permissions, just to make sure)

Samba will reject the directory if you use 777 I think. Permissions on
the directory should be 750 or 710.

Regards
Henrik

Received on Fri Mar 21 2008 - 09:20:09 MDT
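
A check for the directory-mode advice in the quoted reply (750 or 710, not 777), as an added example that is not part of either message. The default path and the function names are assumptions; pass the directory your Samba build actually uses.

```shell
#!/bin/sh
# Added example: verify that the directory Samba checks has one of the two
# modes named in the reply (750 or 710). Requires GNU stat (Linux).
DEFAULT_DIR="/usr/local/samba/var/locks/winbindd_privileged"  # assumed path

# Print the octal permission bits of a path, e.g. 750.
dir_mode() {
    stat -c '%a' "$1"
}

# Return 0 if the mode is 750 or 710, 1 for any other mode,
# 2 if the path is not a directory.
check_priv_dir() {
    dir="$1"
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir is not a directory" >&2
        return 2
    fi
    mode=$(dir_mode "$dir")
    case "$mode" in
        750|710)
            echo "OK: $dir has mode $mode"
            return 0
            ;;
    esac
    # The last octal digit holds the bits granted to "other" users.
    other=$((mode % 10))
    if [ "$other" -ne 0 ]; then
        echo "BAD: $dir has mode $mode; 'other' bits ($other) are set" >&2
    else
        echo "BAD: $dir has mode $mode; expected 750 or 710" >&2
    fi
    return 1
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_priv_dir "${2:-$DEFAULT_DIR}"
fi
```

Run it as `sh check_priv_dir.sh --check /path/to/dir`; a non-zero exit status means the mode differs from the two values in the reply.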

This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:05 MDT