OK I figured out the previous problem, the Squid-2.5STABLE7-Cerberian
RPM that I had installed didn't have --enable-auth=ntlm in there, only
basic. So I recompiled from 2.5STABLE7 source with basic and ntlm and my
modified configuration parsed ok.
But now that I have enabled the NTLM and have required authentication, I
am still not getting any usernames in the logs. Thus I must assume that
the NTLM is not working, and so squid_ldap_group is not receiving any
usernames either and thus failing the authorisation for any user.
The essential bits that I have enabled which should get this working are
as follows:
auth_param ntlm program /usr/lib/squid/fakeauth_auth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
and then later on:
acl password proxy_auth REQUIRED
I also have an external_acl_type line for squid_ldap_group which I have
already tested successfully, an acl line to specify the LDAP group and
an http_access line to wrap it all up. I don't understand why it isn't
working as I had the exact same configuration working here on another
test box...
Any help would be appreciated!
Oliver
P.S. I seem to get a lot of rejection messages to do with my Gmail
account and mail filters... does anyone else have the same problem?
Received on Thu Feb 03 2005 - 15:16:59 MST
This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:01 MST