Search squid archive

[squid-users] Ntlm auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Well....I try to authenticate my squid with an AD, I search the web, forums,
and a lot of things, and I can do samba and winbind work, later, I compile
squid with ntlm support (without ssl ;)) but, I can´t do work, IE just show
me _The page cannot be displayed_ and the typical IE error page, Firefox
show me the squid error page with auth error, I understand that mozilla must
ask me for a user pass, but just show me the error page, let me to show some
things of my config

nbsf000si10:/etc/squid# wbinfo -t
checking the trust secret via RPC calls succeeded

nbsf000si10:/etc/squid# /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
myuserhere mypasshere
OK

I compile squid with this line

./configure --prefix=/usr --datadir=/usr/share --localstatedir=/var
--sysconfdir=/etc/squid --infodir=/usr/share/info --mandir=/usr/share/man
--enable-snmp  --enable-auth=ntlm,basic
--enable-external-acl-helpers=wbinfo_group

In my squid.conf I have this (and a lot more, but just below is important)

        auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
        auth_param ntlm children 30
        auth_param ntlm max_challenge_reuses 0
        auth_param ntlm max_challenge_lifetime 2 minutes

        auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
        auth_param basic children 5
        auth_param basic realm Squid proxy-caching web server
        auth_param basic credentialsttl 2 hours

And this
	
	acl Authenticated proxy_auth REQUIRED
	http_access allow Authenticated
	http_access deny all
	cache_effective_user squid
	cache_effective_group squid

My cache log say this
2005/04/01 12:07:05| Starting Squid Cache version 2.5.STABLE9 for
i686-pc-linux-gnu...
2005/04/01 12:07:05| Process ID 1297
2005/04/01 12:07:05| With 1024 file descriptors available
2005/04/01 12:07:05| DNS Socket created at 0.0.0.0, port 32867, FD 6
2005/04/01 12:07:05| Adding nameserver 172.16.1.107 from /etc/resolv.conf
2005/04/01 12:07:05| helperStatefulOpenServers: Starting 30 'ntlm_auth'
processes
2005/04/01 12:07:06| helperOpenServers: Starting 5 'ntlm_auth' processes
2005/04/01 12:07:07| Unlinkd pipe opened on FD 46
2005/04/01 12:07:07| Swap maxSize 102400 KB, estimated 7876 objects
2005/04/01 12:07:07| Target number of buckets: 393
2005/04/01 12:07:07| Using 8192 Store buckets
2005/04/01 12:07:07| Max Mem  size: 8192 KB
2005/04/01 12:07:07| Max Swap size: 102400 KB
2005/04/01 12:07:07| Rebuilding storage in /var/spool/squid (CLEAN)
2005/04/01 12:07:07| Using Least Load store dir selection
2005/04/01 12:07:07| Current Directory is /
2005/04/01 12:07:07| Loaded Icons.
2005/04/01 12:07:07| Accepting HTTP connections at 0.0.0.0, port 3128, FD
48.
2005/04/01 12:07:07| Accepting ICP messages at 0.0.0.0, port 3130, FD 49.
2005/04/01 12:07:07| Accepting SNMP messages on port 3401, FD 50.
2005/04/01 12:07:07| WCCP Disabled.
2005/04/01 12:07:07| Ready to serve requests.
2005/04/01 12:07:07| Done reading /var/spool/squid swaplog (99 entries)
2005/04/01 12:07:07| Finished rebuilding storage from disk.
2005/04/01 12:07:07|        99 Entries scanned
2005/04/01 12:07:07|         0 Invalid entries.
2005/04/01 12:07:07|         0 With invalid flags.
2005/04/01 12:07:07|        99 Objects loaded.
2005/04/01 12:07:07|         0 Objects expired.
2005/04/01 12:07:07|         0 Objects cancelled.
2005/04/01 12:07:07|         0 Duplicate URLs purged.
2005/04/01 12:07:07|         0 Swapfile clashes avoided.
2005/04/01 12:07:07|   Took 0.3 seconds ( 299.9 objects/sec).
2005/04/01 12:07:07| Beginning Validation Procedure
2005/04/01 12:07:07|   Completed Validation Procedure
2005/04/01 12:07:07|   Validated 99 Entries
2005/04/01 12:07:07|   store_swap_size = 1748k
2005/04/01 12:07:08| storeLateRelease: released 0 objects

The winbind pipe is in /var/run/samba
drwxr-x---  2 root squid    72 Apr  1 11:40 winbindd_privileged
	srwxrwxrwx  1 root squid 0 Apr  1 11:40 pipe

And finally, the squid pam file have

nbsf000si10:/etc/pam.d# cat squid
auth required /lib/security/pam_winbind.so
account required /lib/security/pam_winbind.so


The access.log show me the 407 error (proxy auth required)
1112369138.221      1 172.16.1.43 TCP_DENIED/407 1741 GET
http://www.squid-cache.org/ - NONE/- text/html
1112369138.236      2 172.16.1.43 TCP_DENIED/407 1745 GET
http://www.squid-cache.org/ - NONE/- text/html
1112369138.286      1 172.16.1.43 TCP_DENIED/407 1741 GET
http://www.squid-cache.org/ - NONE/- text/html
1112369138.302      2 172.16.1.43 TCP_DENIED/407 1745 GET
http://www.squid-cache.org/ - NONE/- text/html


I don´t now why is not working, may be my brain is tired, I'm clogged,
disappoint, confused and a lot of negative feelings.....can anybody show me
the way to make me happy ?
Ops, I forget to say I'm using Debian Sarge, samba Version 3.0.10-Debian,
squid-2.5.STABLE9, kernel 2.4.28 


Regards, Mauricio


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux