Hello, I have now been testing for over 3 days to get user auth integrated in my Squid. First I started with smb and now I am testing ntlm_auth.
I have installed everything as described at: http://itmanagers.net/documents-index-walkthroughs-'Linux@Samba'.html
First here is my samba.conf
# Samba settings as posted; the section header (e.g. [global]) is not part of the excerpt.
# Comments sit on their own lines because smb.conf does not treat a trailing '#' as a comment.
# One log file per connecting machine (%m).
log file = /var/log/samba/%m.log
smb passwd file = /etc/samba/smbpasswd
load printers = yes
# NOTE(review): passwd chat / passwd program / unix password sync / pam password change are
# local password-sync settings; presumably unrelated to the winbind authentication path
# Squid relies on. Confirm they are still wanted on a domain member.
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
obey pam restrictions = yes
wins server = 10.131.0.15
encrypt passwords = yes
passwd program = /usr/bin/passwd %u
dns proxy = no
server string = Virenscanner
printing = lprng
unix password sync = yes
workgroup = heumann
os level = 20
printcap name = /etc/printcap
# Domain-member mode: authentication is handed to the domain controller named by
# 'password server', within the realm set further down.
security = ads
password server = Z009426
# UID/GID ranges that winbindd maps domain users and groups into.
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
# NOTE(review): commented out, so the default separator applies. Samba spells the parameter
# 'winbind separator'; this line would need correcting before it is enabled.
#winbind seperator = \
realm = HEUMANN.LOCAL
# Users of the default domain are handled without a DOMAIN prefix; names handed to other
# software (such as a proxy log) are then presumably bare user names. Confirm.
winbind use default domain = yes
template shell = /bin/bash
template homedir = /home/%D/%U
# 0 removes the size limit, so the per-machine log files grow until rotated externally.
max log size = 0
pam password change = yes
I've configured Squid as follows:
# Squid build configuration as posted: install paths, SNMP and SSL support, and the
# authentication schemes and helpers to compile.
# NOTE(review): the helper options select Squid's own winbind helpers, while the posted
# squid.conf runs /usr/bin/ntlm_auth instead. Confirm which helper set is intended.
./configure \
  --prefix=/usr \
  --datadir=/usr/share \
  --localstatedir=/var \
  --sysconfdir=/etc/squid \
  --infodir=/usr/share/info \
  --mandir=/usr/share/man \
  --enable-snmp \
  --enable-ssl \
  --enable-auth=ntlm,basic \
  --enable-basic-auth-helpers=winbind \
  --enable-ntlm-auth-helpers=winbind \
  --enable-external-acl-helpers=winbind_group,wbinfo_group
My squid.conf looks like this:
# Listening port and log file locations.
http_port 81
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
# Both schemes hand credential checks to the ntlm_auth helper, which depends on a running winbindd.
# NOTE(review): the --domain value joins the realm and the host that smb.conf lists as
# 'password server'; confirm ntlm_auth accepts this form rather than a plain domain name.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain HEUMANN.LOCAL/Z009426
auth_param ntlm children 10
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 20 minute
# Basic sends the password base64-encoded, not encrypted. On this plain-HTTP port a domain
# password is readable by anyone who can observe traffic between client and proxy.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --domain HEUMANN.LOCAL/Z009426
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
# Safe_ports includes every port from 1025 up, so 'deny !Safe_ports' only blocks
# low ports that are not listed here.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Source-address allow-list. It cannot tell apart the users behind a shared host
# such as a terminal server.
acl allowed_clients src 10.131.0.2 10.131.0.4 10.131.0.15 10.131.0.16 10.131.0.17 10.131.0.18 10.131.0.62
# url_regex patterns are unanchored and case-sensitive (no -i) and match anywhere in the URL.
# The short words in this list also hit unrelated URLs, e.g. ones containing 'analysis'.
acl banned_sites url_regex ficken Ficken Fick fick Livefick Fickbilder Ficker Muschi Fotze Fotzensaft blasen sex oral anal Sex XXX Sperma Pussy
# proxy_auth REQUIRED matches any successfully authenticated user. A client is only
# challenged when an http_access rule that uses this acl is actually evaluated.
acl domainusers proxy_auth REQUIRED
# http_access rules are checked top to bottom; the first matching rule decides.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# localhost is allowed before the banned_sites check, so the filter does not apply to it.
http_access allow localhost
http_access deny banned_sites
# Every remaining request matches one of the next two rules (source is in allowed_clients,
# or it is not), so evaluation never reaches 'allow domainusers'. No client is asked to
# authenticate, and access.log has no user name to record.
# For user names to be logged, the rule that admits these hosts would also have to require
# authentication, e.g. by naming both acls on one allow line.
http_access allow allowed_clients
http_access deny !allowed_clients
http_access allow domainusers
# And finally deny all other access to this proxy
http_access deny all
I think that's the important part.
Tests like wbinfo -u and
[root@Schmutzfink root]# ntlm_auth --username=Kindt
password:
NT_STATUS_OK: Success (0x0)
[root@Schmutzfink root]#
work fine.
But in the access.log there is only the IP of my terminal server, and I want the username.
In the cache.log there is an error:
2003/09/26 10:47:55| Waiting 30 seconds for active connections to finish
2003/09/26 10:47:55| FD 7 Closing HTTP connection
[2003/09/26 10:48:18, 1] utils/ntlm_auth.c:manage_squid_request(1042)
fgets() failed! dying..... errno=0 (Success)
[2003/09/26 10:48:18, 1] utils/ntlm_auth.c:manage_squid_request(1042)
and this repeats 20 times.
And /usr/libexec/wb_auth gives the following error:
[root@Schmutzfink libexec]# ./wb_auth
/wb_auth[3718](wb_basic_auth.c:160): Can't contact winbindd. Dying
[root@Schmutzfink libexec]#
Please help me to get the Username in the Logfile!!!
With best regards
-------------------------------------------------
Sebastian Kindt
c/o Heumann + Partner StBG
Finkenpforte 1
32657 Lemgo
Tel.: +49 (5261) 94 98 26
Fax: +49 (5261) 94 98 10
mailto:s.kindt@heumann-stbg.de
Web: www.heumann-stbg.de
Received on Fri Sep 26 2003 - 05:20:14 MDT