Hi,

I tried this too with Samba 3 and Squid 2.5STABLE4 and I can't get it to work either. I use the PAM modules to match Samba and Squid users for now (but it is not the king's way).

Best Regards

----- Original Message -----
From: "Jim Richey" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 29, 2003 7:31 PM
Subject: [Samba] [Fwd: [squid-users] NTLM Authentication Problem]

> I submitted this to the Squid list, but I got no response which I assume
> means that no one has any suggestions. Can anyone give me a clue as to
> what I have configured incorrectly? Thanks.
>
>
> -------- Original Message --------
> Subject: [squid-users] NTLM Authentication Problem
> Date: Tue, 28 Oct 2003 11:34:29 -0500
> From: Jim Richey <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
>
>
> I'm having a problem getting NTLM authentication working between Squid
> 2.5STABLE4 and Samba 3.0.0 running on Slackware Linux 2.4.18. I've read the
> archives, faq, how-to, walk-thru, etc, and believe I have everything
> correctly configured. I'm using the helper that is part of Samba 3.0,
> not the Squid helper. Basic authentication works fine with the helper,
> but I cannot get ntlmssp working.
>
> I set group read,execute access to the winbind pipe directory and full
> read,write,execute on the pipe itself.
> drwxr-x--- 2 root squid 72 Oct 27 21:21 winbindd_privileged/
>
> srwxrwxrwx 1 root root 0 Oct 27 21:21 pipe=
>
> I have samba configured with ads but am not using it. I joined the
> domain with rpc and am using security=domain in smb.conf.
>
> The wbinfo commands work fine:
> #wbinfo -t
> checking the trust secret via RPC calls succeeded
>
> #wbinfo -a TSTDOM\\testuser%testpass
> plaintext password authentication succeeded
> challenge/response password authentication succeeded
>
> I can also authenticate successfully with the helper from the command line:
> #ntlm_auth --username testuser --password testpass
> NT_STATUS_OK: Success (0x0)
>
> However, when I try to use ntlm authentication from a browser I get this
> in cache.log:
> [2003/10/28 10:43:41, 10] utils/ntlm_auth.c:manage_squid_request(1061)
> Got 'YR' from squid (length: 2).
> [2003/10/28 10:43:41, 10]
> utils/ntlm_auth.c:manage_squid_ntlmssp_request(312)
> got NTLMSSP packet:
> [2003/10/28 10:43:41, 10]
> utils/ntlm_auth.c:manage_squid_ntlmssp_request(322)
> NTLMSSP challenge
>
> IE 6.0 SP1 gets a "The page cannot be displayed" error. Mozilla 1.5 gives the login popup,
> but after entering user id and password returns the Cache Access Denied page.
>
>
> Squid configured with:
>
> Squid Cache: Version 2.5.STABLE4
> configure options: --enable-async-io --enable-storeio=ufs,aufs
> --enable-auth=ntlm,basic --enable-removal-policies
> --enable-cache-digests --enable-kill-parent-hack --disable-ident-lookups
>
>
> authentication in squid.conf configured as:
>
> auth_param ntlm program /usr/local/samba/bin/ntlm_auth -d 10
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
> #
> auth_param basic program /usr/local/samba/bin/ntlm_auth -d 10
> --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Highmark Proxy Server
> auth_param basic credentialsttl 2 hours
>
> acl internet proxy_auth REQUIRED
> http_access allow internet
> http_access deny all
>
>
> samba configured with:
> --with-winbind --with-winbind-auth-challenge --with-libsmbclient
> --with-ads --with-krb5=/usr/local
>
>
> smb.conf configuration:
>
> [global]
>    workgroup = TSTDOM
>    netbios name = squidtest
>    server string = squidtest
>    security = domain
>    encrypt passwords = yes
>    smb passwd file = /usr/local/samba/private/smbpasswd
>    load printers = yes
>    log file = /usr/local/samba/var/log.%m
>    max log size = 50
>    password server = pwdserver
>    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>    local master = no
>    domain master = no
>    preferred master = no
>    wins support = no
>    idmap uid = 10000-65000
>    idmap gid = 10000-65000
>    winbind enum users = yes
>    winbind enum groups = yes
>    template homedir = /home/%D/%U
>    template shell = /bin/sh
>    winbind use default domain = yes
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
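
Added example (not part of either message and not Samba or Squid code): a small parser for the ntlm_auth -d 10 lines that land in cache.log, reporting which requests Squid sent to the helper. The header and "Got 'YR'" line formats are copied from the excerpt above; the 'KK' request in the second sample is an assumption based on the squid-2.5-ntlmssp helper protocol, and its blob is a constructed placeholder.

```python
import re
from collections import Counter

# Samba debug header as it appears in the post:
#   [2003/10/28 10:43:41, 10] utils/ntlm_auth.c:manage_squid_request(1061)
HEADER = re.compile(r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*\d+\]")
# Request echo as it appears in the post: Got 'YR' from squid (length: 2).
REQUEST = re.compile(r"Got '(\w\w)(?: [^']*)?' from squid \(length: (\d+)\)")

def helper_requests(log_text):
    """Return [(timestamp, command, length)] for every request Squid sent."""
    events, stamp = [], None
    for raw in log_text.splitlines():
        line = raw.lstrip("> ")              # tolerate mail-quoted log lines
        header = HEADER.match(line)
        if header:
            stamp = header.group(1)
        request = REQUEST.search(line)
        if request:
            events.append((stamp, request.group(1), int(request.group(2))))
    return events

def handshake_stage(events):
    """Classify how far the exchange got, judged by the requests alone."""
    counts = Counter(command for _, command, _ in events)
    if not counts:
        return "no-helper-traffic"    # Squid never called the helper
    if counts["KK"] == 0:
        return "challenge-only"       # challenge requested, no response passed back
    return "authenticate-seen"        # helper was asked to validate a response

# Lines copied from the cache.log excerpt in the post.
POST_LOG = """\
[2003/10/28 10:43:41, 10] utils/ntlm_auth.c:manage_squid_request(1061)
  Got 'YR' from squid (length: 2).
[2003/10/28 10:43:41, 10]
utils/ntlm_auth.c:manage_squid_ntlmssp_request(312)
  got NTLMSSP packet:
"""

# Constructed sample: the same lines plus an assumed KK request (made-up blob).
CONSTRUCTED_LOG = POST_LOG + """\
[2003/10/28 10:43:42, 10] utils/ntlm_auth.c:manage_squid_request(1061)
  Got 'KK TlRMTVNTUAAD' from squid (length: 15).
"""

if __name__ == "__main__":
    for name, text in (("post", POST_LOG), ("constructed", CONSTRUCTED_LOG)):
        print(name, handshake_stage(helper_requests(text)))
```

A "challenge-only" result means the log section that was parsed contains no request asking the helper to check a client response, so nothing in that section reflects a credential check against winbind.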
