I am running squid-2.5.STABLE4 and Samba using winbind NTLM authentication...
When I try to access a site I see in the logs that it is in fact sending the
domain and username... But when I try to access a site with NTLM
authentication I get TCP MISS 401... What am I doing wrong? And why does
squid need to send the domain and user info for every site... Any help would
be nice.. :-)
Thanks in advance
-- Kaan

Here is the setup

Squid configure:
./configure --prefix=/usr/local/squid-ntlm --disable-wccp --enable-snmp --disable-ident-lookups --enable-underscores '--enable-auth=basic ntlm' '--enable-basic-auth-helpers=SMB MSNT' --enable-ntlm-auth-helpers=winbind

Samba configure:
./configure --with-winbind --with-winbind-auth-challenge

Wbinfo works perfectly...

Here is my Squid Conf:

--snip
# squid conf file
# -------------------------------
# Network options
# -------------------------------
http_port 4040
icp_port 4141
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# -------------------------------
# Cache Neighbour options
# -------------------------------
#cache_peer machinename.domain.com parent 4040 3130

# -------------------------------
# Cache size options
# -------------------------------
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 512 KB

# -------------------------------
# Cache dir & logging options
# -------------------------------
cache_dir ufs /cache 8192 16 256
pid_filename /var/lock/squid-cache.pid
debug_options all, 5

#--------------------------------
# NTLM OPTIONS
auth_param ntlm program /usr/local/squid-ntlm/libexec/ntlm_auth
#authenticate_program_ntlm
#authenticate_children_ntlm 5
#auth_param ntlm program /usr/local/squid-ntlm/libexec/wb_ntlmauth
auth_param ntlm children 10
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

# -------------------------------
# options for external support programs
# -------------------------------
ftp_user squid@machinename.domain.com
ftp_list_width 64
ftp_passive on

# -------------------------------
# Cache tuning options
# -------------------------------
# REM - MRV - all these numbers are done on the basis of a T1 line having
# 25 users on it, giving a viable request bandwidth of 5.5kb/sec
quick_abort_min 22 Kb
quick_abort_max 100 Kb
quick_abort_pct 75

# -------------------------------
# Cache admin options
# -------------------------------
cache_mgr sysadmins@domain.com
cache_effective_user squid
cache_effective_group squid
visible_hostname machinename.domain.com

# -------------------------------
# Cache misc options
# -------------------------------
append_domain .domainname
#chroot enable
pipeline_prefetch on

# -------------------------------
# Cache ACL options
# -------------------------------
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src "IPAdress"
acl AuthorizedUsers proxy_auth REQUIRED
acl AnotherPlace src "IPAdress"
acl Place src "IPAdress"
acl Place-no-nat src "IPAdress"
acl urldenied url_regex "/usr/local/squid-ntlm/etc/urldenied"
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny urldenied
http_access allow all AuthorizedUsers
http_access allow AnotherPlace
http_access allow Place
http_access allow Place-no-nat
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
icp_access allow all
# -------------------------------
[eof]

Received on Fri Nov 14 2003 - 12:42:42 MST