On Wed, Dec 27, 2006, Craig Van Tassle wrote: > Hello list. > > I have been trying to get NTLM authentication working with squid and winbind > under ubuntu 6.10. I can get user names and account with winbind, I can even try > using a domain user to login and I see this in my logs. > Dec 27 13:00:06 proxy pam_winbind[6734]: user 'domainuser' granted access > > The proxy works well if I have no authentication, however if I try to put > authentication in place, I get asked for the user name and password 3 time then > I get kicked out to a cache access denied page saying I cant access anything > until I authenticate to the proxy. According to what I have found on line my > setup should be correct. Any help would be appreciated. The Squid Wiki has an example for NTLM auth under Ubuntu: http://wiki.squid-cache.org/ConfigExamples/WindowsAuthenticationNTLM The first thing to check is whether you've configured samba/kerberos/winbind to be 'right' - use 'wbinfo -t' to check; wbinfo -u to list users. > http_access allow manager localhost > http_access deny manager > http_access allow purge localhost > http_access deny purge > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access deny porn > http_access deny virus > http_access deny radio > http_access deny phish > http_access allow internal_src You want this to be something like 'allow auth', not 'deny !auth', although I suspect it'll do the same thing.. > #http_access deny !auth > always_direct allow internal_dst > #http_access deny all > #http_reply_access allow all > miss_access allow all > icp_access deny all > coredump_dir /var/spool/squid -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
