[squid-users] NTLM Authentication

From: Thompson, Scott (WA) <Scott.Thompson_at_affoods.com.au>
Date: Wed, 6 Aug 2008 14:55:17 +0800

Hi all
After my previous run around with Winbind and Likewise Open I decided to rebuild the server from scratch and reinstall Ubuntu 8.04. After some firewall configs I was able to successfully join the server to our Active Directory domain without any issues using Winbind and Samba.
Some background info
Server is Ubuntu 8.04
Samba is 3.0.28a
Squid is 2.6 STABLE18

wbinfo -u and -g show all the AD groups, kinit works, etc.

We were running on the old server Squid 2.5 STABLE6

I have simply done an apt-get on Squid and the 2.6 STABLE18 version is what it downloaded
After doing an updatedb I can see all the files etc

I have simply copied the squid.conf from my old server hoping this might work

When I start squid using the following command, 'squid -NCd10', it seems to start OK, but when I try and authenticate myself I get a logon dialog box. I would have hoped it would just do it by itself and authenticate me!
The error I get on the console is

AuthenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'

Part of my squid.conf that relates to authentication is

# note: you may need to increase children based on your number of users
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 140
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 10 minute
#auth_param ntlm use_ntlm_negotiate on

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 20
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour

# only need this if you want to use Windows Domain Groups for acl(s)
external_acl_type nt_group ttl=0 concurrency=5 %LOGIN /usr/lib/squid/wbinfo_group.pl

Is there a better way to do this?
I didn't have to do a make or anything so do I need to recompile for the correct helpers etc?
Is it a permission thing perhaps?

Any suggestions would be MOST welcome
On a side note within the last week my Linux skills have improved 100 fold!

Regards,

___________________________________________
Scott Thompson
Network Administrator
Australian Fast Foods Pty Ltd
PO Box 676
Balcatta  WA  6914
 
08 9240 9761
scott.thompson_at_affoods.com.au
 
Received on Wed Aug 06 2008 - 06:55:30 MDT
