Re: [squid-users] NTLM auth with ubuntu

From: Adrian Chadd <adrian@dont-contact.us>
Date: Thu, 28 Dec 2006 08:38:52 +0800

On Wed, Dec 27, 2006, Craig Van Tassle wrote:
> Hello list.
>
> I have been trying to get NTLM authentication working with squid and winbind
> under ubuntu 6.10. I can get user names and accounts with winbind, I can even try
> using a domain user to log in and I see this in my logs.
> Dec 27 13:00:06 proxy pam_winbind[6734]: user 'domainuser' granted access
>
> The proxy works well if I have no authentication, however if I try to put
> authentication in place, I get asked for the user name and password 3 times, then
> I get kicked out to a cache access denied page saying I can't access anything
> until I authenticate to the proxy. According to what I have found online my
> setup should be correct. Any help would be appreciated.

The Squid Wiki has an example for NTLM auth under Ubuntu:

http://wiki.squid-cache.org/ConfigExamples/WindowsAuthenticationNTLM

The first thing to check is whether you've configured samba/kerberos/winbind to be
'right' - use 'wbinfo -t' to check; 'wbinfo -u' to list users.

> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny porn
> http_access deny virus
> http_access deny radio
> http_access deny phish
> http_access allow internal_src

You want this to be something like 'allow auth', not 'deny !auth', although I suspect
it'll do the same thing..

> #http_access deny !auth
> always_direct allow internal_dst
> #http_access deny all
> #http_reply_access allow all
> miss_access allow all
> icp_access deny all
> coredump_dir /var/spool/squid

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
Received on Wed Dec 27 2006 - 17:36:00 MST
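
The rule ordering discussed above, as an added example that is not part of the original message or the wiki page. The ACL names auth and internal_src come from the quoted config; the ntlm_auth path and the children count are assumptions.

```conf
# Added example, not the poster's or the Squid wiki's configuration.
# Assumption: ntlm_auth (shipped with Samba/winbind) is installed at this path.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
# Assumption: helper count chosen for illustration only.
auth_param ntlm children 5

# 'auth' matches a request only after the client has authenticated to the proxy.
# Evaluating it for a request without credentials makes Squid send a 407 challenge.
acl auth proxy_auth REQUIRED

# http_access lines are evaluated top to bottom and the first match decides,
# so these denies apply to everyone, authenticated or not.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Weak ordering (left commented out): an allow keyed only on source address,
# placed ahead of the auth rule, matches first and those clients are never
# asked for credentials.
#http_access allow internal_src
#http_access allow auth

# Stricter ordering: ACLs on one line are ANDed, so the client must be on the
# internal network and authenticated. Everything else hits the explicit deny.
http_access allow internal_src auth
http_access deny all
```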
