Re: Fwd: [squid-users] NTLM not working

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 12 Apr 2012 11:00:42 +1200

On 12.04.2012 10:16, Wladner Klimach wrote:
> On 11/04/2012 21:15, Wladner Klimach wrote:
>>
>> That's the options I pointed for authetincation:
>>
>> '--enable-auth=basic,digest,ntlm,negotiate'
>>
>> '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,POP3,squid_radius_auth'
>> '--enable-ntlm-auth-helpers=smb_lm,no_check,fakeauth'
>> '--enable-digest-auth-helpers=password,ldap,eDirectory'
>> '--enable-negotiate-auth-helpers=squid_kerb_auth'
>>
>> '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
>>
>> What am I missing?
>

Take a step back. Please post *all* of the auth_param lines from your
config.

What I am reading from your earlier mail is:

  * you saying "auth_param Negotiate ..." is setup. BUT ... cache.log
making no mention of it.

  * cache.log saying "auth_param Basic ..." was setup and working.

  * cache.log saying "auth_param NTLM ..." is not setup.

>
> From a compilation perspective you don't appear to be missing
> anything, but as I said I am not really familiar with that area -
> perhaps someone else with more knowledge can confirm?
>
> I presume the squid process has permissions to read from
> winbindd_privileged (in /var/lib/samba/ on my setup). I would expect
> to see other errors in your logs if there was a permission problem
> though.
>
> Have you tried just a plain ntlm_auth authenticator to see if that
> works?:
>
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 3
> auth_param ntlm keep_alive on
>
> Can you post your entire squid.conf?
>

Amos
Received on Wed Apr 11 2012 - 23:00:46 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 12 2012 - 12:00:03 MDT