Dear all,
My squid version is : squid-2.5.STABLE5
The winbind I am using is : samba-3.0.4
Basically I already can authenticate using Samba :
[root@mx logs]# /usr/local/samba/bin/wbinfo -t
checking the trust secret via RPC calls succeeded
[root@mx logs]# /usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
mydomain+myuser mypassword
OK
Here is the configuration of my squid.conf :
auth_param basic program /usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl fool proxy_auth REQUIRED
acl all src 0/0
http_access allow fool
http_access deny all
When I browse using IE 6.0, I got the authentication windows, I type
MYDomain\myuser and password, but I always got denied :
ERROR
Cache Access Denied
------------------------------------------------------------------------
--------
While trying to retrieve the URL: http://www.google.com/
The following error was encountered:
Cache Access Denied.
Sorry, you are not currently allowed to request:
http://www.google.com/from this cache until you have authenticated
yourself.
You need to use Netscape version 2.0 or greater, or Microsoft Internet
Explorer 3.0, or an HTTP/1.1 compliant browser for this to work. Please
contact the cache administrator if you have difficulties authenticating
yourself or change your default password.
------------------------------------------------------------------------
--------
Generated Tue, 22 Jun 2004 02:02:06 GMT by squid/2.5.STABLE5
In access.log :
1087869178.580 502 10.32.4.45 TCP_DENIED/407 1714 GET
http://www.google.com/
MyDomain\myuser NONE/- text/html
1087869182.556 969 10.32.4.45 TCP_DENIED/407 1714 GET
http://www.google.com/
MyDomain\myuser NONE/- text/html
Any one can help me ???
Thank you.
Regards,
Herman
> -----Original Message-----
> From: Adam Aube [mailto:aaube01@baker.edu]
> Sent: 07 Juni 2004 1:48
> To: squid-users@squid-cache.org
> Subject: [squid-users] Re: Winbind authentication
>
> Herman (ISTD) wrote:
>
> > I am using winbind authentication with squid. So far, windbind
> > authentication to single Domain has no problem. But in our
environment,
> > the users using squid are distributed on two different domains, so I
> > need winbind to be able to authenticate to two different Domains.
> >
> > Does anyone ever try this before? I would appreciate very much if
you
> > can share your experiences with me.
>
> If you can link Samba correctly to all the domains, then the Winbind
> helper
> will work fine. Since this is really a Samba issue, the best sources
of
> help will be the Samba docs and the Samba list.
>
> Adam
Received on Mon Jun 21 2004 - 20:15:21 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:03 MDT