Thomas,
Sorry I didn't reply to the first email, I was very busy this
week.
please delete lines 688 and 689 from helper.c. They snuck into CVS.
(oops!)
I'll commit a fix to CVS tomorrow.
Rob
> -----Original Message-----
> From: Thomas Goebel [mailto:thomas@an-netz.de]
> Sent: Friday, 6 October 2000 5:12 PM
> To: Robert Collins
> Cc: squid-users@ircache.net
> Subject: Squid-ntlm compiling problems #2
>
>
> Hallo list and Robert,
>
> now i have time to install squid-ntlm.
>
> Here is what i done:
>
> step 1
> fwi:/DOWN/squid-ntlm # autoconf
> configure.in:905: warning: AC_TRY_RUN called without default to allow
> cross compiling
> configure.in:999: warning: AC_TRY_RUN called without default to allow
> cross compiling
> configure.in:1000: warning: AC_TRY_RUN called without default to allow
> cross compiling
> configure.in:1001: warning: AC_TRY_RUN called without default to allow
> cross compiling
> configure.in:1275: warning: AC_TRY_RUN called without default to allow
> cross compiling
> fwi:/DOWN/squid-ntlm #
>
>
> step2
> fwi:/DOWN/squid-ntlm # autoheader
> configure.in:905: warning: AC_TRY_RUN called without default to allow
> cross compiling
> configure.in:1275: warning: AC_TRY_RUN called without default to allow
> cross compiling
> fwi:/DOWN/squid-ntlm #
>
> step3
> fwi:/DOWN/squid-ntlm # ./configure --enable-ntlm-authentication
> --enable-ntlm-auth-modules=NTLMSSP --enable-snmp
> --enable-basic-authentication
>
> works without errors!!!
>
> step4
> fwi:/DOWN/squid-ntlm # make
> ....
> helper.c: In function `StatefulEnqueue':
> helper.c:688: warning: suggest parentheses around assignment used as
> truth value
> helper.c:689: warning: implicit declaration of function
> `helperStatefulSpawnServers'
> ....
>
> gcc -o squid -g access_log.o acl.o asn.o authenticate.o cache_cf.o
> CacheDigest.o cache_manager.o carp.o
> cbdata.o client_db.o client_side.o comm.o comm_select.o debug.o disk.o
> dns_internal.o errorpage.o ETag.o event.o fd.o filemap.o forward.o
> fqdncache.o ftp.o globals.o gopher.o helper.o http.o HttpStatusLine.o
> HttpHdrCc.o HttpHdrRange.o HttpHdrContRange.o HttpHeader.o
> HttpHeaderTools.o HttpBody.o HttpMsg.o HttpReply.o
> HttpRequest.o icmp.o
> icp_v2.o icp_v3.o ident.o internal.o ipc.o ipcache.o logfile.o main.o
> mem.o MemPool.o MemBuf.o mime.o multicast.o neighbors.o net_db.o
> Packer.o pconn.o peer_digest.o peer_select.o redirect.o referer.o
> refresh.o repl_modules.o send-announce.o snmp_core.o
> snmp_agent.o ssl.o
> stat.o StatHist.o String.o stmem.o store.o store_io.o store_client.o
> store_digest.o store_dir.o store_key_md5.o store_log.o store_modules.o
> store_rebuild.o store_swapin.o store_swapmeta.o store_swapout.o
> string_arrays.o
> tools.o unlinkd.o url.o urn.o useragent.o wais.o wccp.o whois.o
> fs/ufs.a repl/lru.a -L../lib -lcrypt -L../snmplib -lsnmp -lmiscutil
> -lm -lresolv -lnsl
> helper.o: In function `StatefulEnqueue':
> /DOWN/squid-ntlm/src/helper.c:689: undefined reference to
> `helperStatefulSpawnServers'
> collect2: ld returned 1 exit status
> make[2]: *** [squid] Error 1
> make[2]: Leaving directory `/DOWN/squid-ntlm/src'
> make[1]: *** [all] Error 2
> make[1]: Leaving directory `/DOWN/squid-ntlm/src'
> make: *** [all] Error 1
> fwi:/DOWN/squid-ntlm #
>
> OK. what can i do???
>
> cu
>
> Thomas
>
>
> Robert Collins wrote:
> >
> > Thomas,
> > please keep replies cc:d to the list. Thanks.
> >
> > are you looking in "ntlm_auth_modules" or "auth_modules"
> see 1. key changes
> > to squid below.
> >
> > Rob
> >
> > ----- Original Message -----
> > From: <thomas@tomys.de>
> > To: "Robert Collins" <robert.collins@itdomain.com.au>
> > Sent: Wednesday, September 20, 2000 6:04 AM
> > Subject: Re: [SQU] automatic smb_auth
> >
> > > Hallo,
> > >
> > > sorry,, but i can not find the ntlm-auth source-code. I
> downloaded the
> > CVS-tree and some sourcepackages. Thare are only
> > > auth_modules/multi-domain-NTLM/smb_auth.pl
> > >
> > > please tell were i can find the ntlm-source.
> > >
> > > cu
> > > Thomas
> > >
> > > > Well its not well documented yet... but here's a quick
> list of things to
> > do &
> > > > notes about ntlm auth.
> > > > Hey kinkie have I missed anything drastic? I might turn
> this list into
> > the
> > > > start of our HOW-TO ...
> > > >
> > > >
> > > > 0. background
> > > > -within HTTP there are three common authentication types: BASIC,
> > > > DIGEST, NTLM. Of these only BASIC and DIGEST are official
> > > > http authenticaton protocols. Basic authentication is
> clear text.
> > digest
> > > > uses a challenge-response format, as does NTLM.
> > > > -Challenge-response helpers in squid cannot be tested from the
> > command-line
> > > > for two reasons. One: the helper needs the base64 data
> > > > from the client to correctly interpret and verify the
> authentication
> > request.
> > > > Two: the authentication requests are stateful, so you need to
> > > > generate the correct response to the 1st result the
> helper gives you.
> > > > - NTLM and proxies. NTLM was not designed with
> stateless (ie HTTP)
> > > > environments in mind. MS have got it to work, via a
> massive hack on the
> > > > protocol. It DOES NOT WORK THROUGH PROXIES. Only the
> first hop can be
> > NTLM
> > > > authenticatied. This includes MS's IIS based proxy
> products. NTLM will
> > also
> > > > not work with transparent proxies (same reason as BASIC
> authentication
> > > > doesn't_)so please, don't ask.
> > > > 1. key changes to squid
> > > > - the auth_modules directory is largely irrelevant for
> ntlm based
> > > > environments. The helpers in auth_modules are BASIC
> helpers only. This
> > > > includes the smb_auth,MSNT and multi-domain-NTLM.
> > > > - there is a new directory ntlm_auth_helpers that
> contains the NTLM
> > helper
> > > > source programs.
> > > > - the default ./configure will not enable any
> authentication code in
> > squid
> > > > (great for ISP's). New configuration directives allow
> > > > basic auth, the basic auth modules to build, ntlm-auth,
> and the ntlm
> > auth
> > > > modules to build to be handled separately. Compiling in both
> > > > basic and ntlm auth will allow you to 'fall back' to basic
> > authentication if a
> > > > browser does not support NTLM.
> > > > 2. howto get NTLM authentication working
> > > > - download the source
> > > > - configure with (at a minimum) --enable-ntlm-authentication and
> > > > --enable-ntlm-auth-modules=NTLMSSP
> > > > - check the ntlmssp source code for any hardcoded
> parameters (it's only
> > just
> > > > stablised, there may be some 'magic' in the source at
> the moment). Also
> > the
> > > > command-line format is documented in the source.
> > > > - you can use fakeauth or no_check if you just want to
> validate the
> > username,
> > > > but not check the password/login time limits.
> > > > -compile and install squid
> > > > - edit the squid.conf to specify the ntlm_authentication_helper
> > command-line
> > > > and at least one proxy_auth acl entry.
> > > > -cross fingers (:-]) and use internet explorer FROM A
> DOMAIN USER
> > ACCOUNT to
> > > > surf the web.
> > > >
> > > > Rob
> > > >
> > > >
> > > > Thomas Goebel wrote:
> > > >
> > > > > Hallo,
> > > > >
> > > > > sorry, i installed NTLM. But it does not work.
> > > > > I tried at comandline to authenticate with
> smp_auth.pl and this also
> > not
> > > > > worked.
> > > > >
> > > > > Please help. Where can i get Information of NTLM.
> > > > >
> > > > > cu
> > > > >
> > > > > Thomas
> > > > >
> > > > > Robert Collins wrote:
> > > > > >
> > > > > > This is exactly what the recently developed NTLM
> authentication for
> > squid
> > > > > > does.
> > > > > >
> > > > > > It uses MS challenge handshaking authentication
> protocol (CHAP) for
> > the
> > > > > > browser. You need internet explorer 3 or newer to use it.
> > > > > >
> > > > > > Rob
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Thomas Goebel" <thomas@an-netz.de>
> > > > > > To: <squid-users@ircache.net>; <linuxml@hekkihek.hacom.nl>
> > > > > > Sent: Tuesday, September 19, 2000 11:36 PM
> > > > > > Subject: [SQU] automatic smb_auth
> > > > > >
> > > > > > > Hallo,
> > > > > > >
> > > > > > > is it possible to perform the authentication against the
> > > > > > > proxy automatically, invisible to the Windows user.
> > > > > > > The Microsoft IIS authenticates the user, logged in at the
> > workstation,
> > > > > > > automatically.
> > > > > > >
> > > > > > > cu
> > > > > > >
> > > > > > > Thomas
> > > > > > >
> > > > > > > --
> > > > > > > To unsubscribe, see
> http://www.squid-cache.org/mailing-lists.html
> > > > > > >
> > > > > > >
> > > >
> > >
> > >
> > > --
> > >
> > > ################################################
> > > # Thomas Goebel <Systemadministrator> #
> > > # #
> > > # E-Mail: thomas@an-netz.baynet.de #
> > > # #
> > > # Stellvertr. Vorsitzender im #
> > > # Traegerverein-Buergernetz-Ansbach-Netz e.V. #
> > > ################################################
> > > # Server-URL: www.an-netz.baynet.de #
> > > # #
> > > # SysAdmin: #
> > > # Felix Risling <felix@an-netz.baynet.de> #
> > > # Thomas Goebel <thomas@an-netz.baynet.de> #
> > > ################################################
> > >
> >
> > --
> > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>
-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Fri Oct 06 2000 - 00:23:00 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:42 MST