On 11/04/2012 17:56, Wladner Klimach wrote:
Hi people,
I'm having some problem to implement NTLM at my squid box. I've
followed the documentation guides but for some unknown reason isn't
still working. Here is my squid.conf ( authentication portion only):
auth_param negotiate program
/squid-3.2.0.16/helpers/negotiate_auth/wrapper/negotiate_wrapper_auth
-d --ntlm /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
--kerberos /usr/src/redhat/BUILD/squid-3.1.18/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth
-s HTTP/grazina2.redecamara.camara.gov.br
auth_param negotiate children 30 startup=10 idle=10
auth_param negotiate keep_alive on
As you can see I'm using the wrapper helper offered by squid-3.2, but
my squid box is the squid-3.1. The Kerberos scheme works just fine. So
how can I debug it? I really need NTLM too in order to authenticate
users that access some old sites that don't handle kerberos. I really
hope you guys can help me overtaking this issue.
Regards,
Wladner
Hi Wladner,
It may be useful to get the plain ntlm auth helper working on its own
first. Once that is working, you can then re-enable the negotiate wrapper.
I am not sure how much of the NTLM auth tests you have done. Have you
tested that winbind is running and communicating with the domain? You
can test that the basics are in place with wbinfo -t to check the shared
secret, or wbinfo -u which should return a list of all your domain users.
What happens if you run ntlm auth directly:
ntlm_auth --username=<your username>
Is there anything in your debug log which might give a little more
information about what isn't working?
Regards,
Harry
