Hi all,
I am having trouble getting ntlm authentication to work!!
Have installed winbind and it tests OK.
Have finally worked out how to compile Squid with ntlm support.
wb_group (see below) works from the command line and returns OK if I give it
a user name and group (wwwusers) - doesn't if I include the domain name
({domain\\user group} does not work whereas {user group} does).
I am not sure I compiled wb_group correctly as I could not find
instructions, but simply found what looked like the appropriate
sub-directory from squid/helpers and ran 'Makes' until it appeared then
copied it to /usr/local/squid/libexec.
A username/password/Domain login popup comes up when I attempt to access a
site, but always the username and password are rejected and it comes back a
couple of times before giving the access denied screen.
These are my Squid compile options form -v:
Squid Cache: Version 2.5.STABLE1-20030123
configure
options: --enable-auth=ntlm --enable-basic-auth-helpers=SMB --enable-ntlm-a
uth-helpers=winbind --enable-external-acl-helpers=wbinfo_group
This is the relevant parts of the conf file:
auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
external_acl_type wb_group %LOGIN /usr/local/squid/libexec/wb_group
acl winauth external wb_group wwwusers
acl password proxy_auth REQUIRED (makes no difference if this is inlcuded or
not)
and later in the http:access lists:
http_access deny !winauth (makes no difference if I change to 'allow
winauth')
If I run Squid with -d 2 I find these scrolling across the screen: ( No
matter what I change the http_access to be)
The request GET
http://scoreboard.ausopen.org/en_AU/scores/java/javascor3.dat is DENIED,
because it matched 'winauth'
_________________________________________
Simon Bryan
IT Manager
OLMC Parramata
ICQ#: 137562751
_________________________________________
Received on Thu Jan 23 2003 - 20:45:11 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:49 MST