Hi,
Il 16.42 10/02/2005 Michael Wassell ha scritto:
Hi All;
I'm going to try to make this short and sweet...
I'm very new to Squid and I'm in the process of trying to configure SquidNT with NTLM authentication. I've found multiple sources of information by googling and it would seem that to configure NTLM authentication for Squid I'm going to have to use auth_param in conjunction with external_acl_type to check NT local/global groups for membership.
My question is the usage of the external_acl_type parameter. I haven't been able to locate any full documentation on the usage and I can't quite understand what I am doing wrong so I figured this would be the best place to come :-)
The documentation is included in the binary package in the doc directory.
Right now I have the following lines in my squid.conf (relevant to authentication):
auth_param ntlm c:/squid/libexec/ntlm_win32_auth.exe auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param ntlm use_ntlm_negotiate on
If you are really using SquidNT 2.5 STABLE3, this configuration is wrong:
The option
auth_param ntlm use_ntlm_negotiate on
was available starting STABLE 5 version of Squid.
(basic authentication is commented out temporarily)
acl CONNECT method CONNECT acl MYLAN src 192.168.6.0-192.168.6.254/255.255.255.0 acl Authenticated proxy_auth REQUIRED
external_acl_type NT_global_group %LOGIN c:/squid/libexec/win32_check_group.exe -G -d -c acl GProxyUsers external NT_global_group Internet_Access
http_access allow GProxyUsers Authenticated
SquidNT will not start with the above configuration, by commenting out these lines:
# external_acl_type NT_global_group %LOGIN # c:/squid/libexec/win32_check_group.exe -G -d -c # acl GProxyUsers external NT_global_group Internet_Access
If I remember right, I have added the -c option to win32_check_group.exe after STABLE3.
SquidNT will start OK, but of course that defeats the purpose.
Just so that everyone knows, SquidNT has been pre-compiled with all of the necessary "helpers".
In the binary package there is anything needed for full NTLM support.
Any help would be greatly appreciated :-)
You MUST update to STABLE7, your current Squid version is very outdated.
Regards
Guido
- ======================================================== Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Gorizia, 69 10136 - Torino - ITALY Tel. : +39.011.3249426 Fax. : +39.011.3293665 Email: guido.serassio@xxxxxxxxxxxxxxxxx WWW: http://www.acmeconsulting.it/
