RE: [squid-users] Winbind authentication cannot work on squid

From: Tanzer GENC <tanzer@dont-contact.us>
Date: Tue, 22 Jun 2004 08:41:24 +0300

Hello,
Please check squid's cache.log.It will give an idea to us.
Could you try to authenticate with another a browser. It should be an
permission problem in /var/cache/samba/winbind_privileged directory.
İf it's a permission problem in winbind_privileged directory you must apply
commands below, chmod 750 /var/cache/samba/winbind_privileged
chgrp squid /var/cache/samba/winbind_privileged
There is a good information
http://informatik.asn-graz.ac.at/modules.php?name=News&file=article&sid=2710
adress.

Tanzer GENC

-----Original Message-----
From: Herman (ISTD) [mailto:herman_ang@toyota.co.id]
Sent: Tuesday, June 22, 2004 5:14 AM
To: squid-users@squid-cache.org
Subject: [squid-users] Winbind authentication cannot work on squid
Importance: High

Dear all,

My squid version is : squid-2.5.STABLE5
The winbind I am using is : samba-3.0.4

Basically I already can authenticate using Samba :

[root@mx logs]# /usr/local/samba/bin/wbinfo -t checking the trust secret via
RPC calls succeeded [root@mx logs]# /usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
mydomain+myuser mypassword
OK

Here is the configuration of my squid.conf :
auth_param basic program /usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param
basic realm Squid proxy-caching web server auth_param basic credentialsttl 2
hours acl fool proxy_auth REQUIRED acl all src 0/0 http_access allow fool
http_access deny all

When I browse using IE 6.0, I got the authentication windows, I type
MYDomain\myuser and password, but I always got denied :

ERROR
Cache Access Denied

------------------------------------------------------------------------
--------

While trying to retrieve the URL: http://www.google.com/

The following error was encountered:

Cache Access Denied.

Sorry, you are not currently allowed to request:

    http://www.google.com/from this cache until you have authenticated
yourself.

You need to use Netscape version 2.0 or greater, or Microsoft Internet
Explorer 3.0, or an HTTP/1.1 compliant browser for this to work. Please
contact the cache administrator if you have difficulties authenticating
yourself or change your default password.

------------------------------------------------------------------------
--------

Generated Tue, 22 Jun 2004 02:02:06 GMT by squid/2.5.STABLE5

In access.log :

1087869178.580 502 10.32.4.45 TCP_DENIED/407 1714 GET
http://www.google.com/
MyDomain\myuser NONE/- text/html
1087869182.556 969 10.32.4.45 TCP_DENIED/407 1714 GET
http://www.google.com/
MyDomain\myuser NONE/- text/html

Any one can help me ???

Thank you.

Regards,

Herman

> -----Original Message-----
> From: Adam Aube [mailto:aaube01@baker.edu]
> Sent: 07 Juni 2004 1:48
> To: squid-users@squid-cache.org
> Subject: [squid-users] Re: Winbind authentication
>
> Herman (ISTD) wrote:
>
> > I am using winbind authentication with squid. So far, windbind
> > authentication to single Domain has no problem. But in our
environment,
> > the users using squid are distributed on two different domains, so I
> > need winbind to be able to authenticate to two different Domains.
> >
> > Does anyone ever try this before? I would appreciate very much if
you
> > can share your experiences with me.
>
> If you can link Samba correctly to all the domains, then the Winbind
> helper will work fine. Since this is really a Samba issue, the best
> sources
of
> help will be the Samba docs and the Samba list.
>
> Adam
Received on Mon Jun 21 2004 - 23:39:53 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:03 MDT