On 12.04.2012 10:16, Wladner Klimach wrote:
On 11/04/2012 21:15, Wladner Klimach wrote:
That's the options I pointed for authetincation:
'--enable-auth=basic,digest,ntlm,negotiate'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,POP3,squid_radius_auth'
'--enable-ntlm-auth-helpers=smb_lm,no_check,fakeauth'
'--enable-digest-auth-helpers=password,ldap,eDirectory'
'--enable-negotiate-auth-helpers=squid_kerb_auth'
'--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
What am I missing?
Take a step back. Please post *all* of the auth_param lines from your
config.
What I am reading from your earlier mail is:
* you saying "auth_param Negotiate ..." is setup. BUT ... cache.log
making no mention of it.
* cache.log saying "auth_param Basic ..." was setup and working.
* cache.log saying "auth_param NTLM ..." is not setup.
From a compilation perspective you don't appear to be missing
anything, but as I said I am not really familiar with that area -
perhaps someone else with more knowledge can confirm?
I presume the squid process has permissions to read from
winbindd_privileged (in /var/lib/samba/ on my setup). I would expect
to see other errors in your logs if there was a permission problem
though.
Have you tried just a plain ntlm_auth authenticator to see if that
works?:
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 3
auth_param ntlm keep_alive on
Can you post your entire squid.conf?
Amos
