On Fri, 30 May 2003 09:35 am, Gareth Walters wrote:
> G'day all,
>
> I am setting up a new web proxy/cache using squid and I am trying to get
> authentication working with squid from winbind.
>
> The reasoning behind it was to avoid the username/password dialog for web
> access but still force authentication.
>
>
> The problem I am finding is after following the instructions at,
> http://www.squid-cache.org/Doc/FAQ/FAQ-23.html
>
> It doesn't work.
> I can use wbinfo (even successfully test authenticating a user) and
> everything checks out ok I can even get the list of users from the domain
> via "getent passwd"
>
> But every auth request in squid fails and I cannot work out why as there
> doesn't seem to be any more tests/debugging I can do.
>
> Has anyone got this working?
> Is there a better way to do this?
>
>
> TIA
>
> ---Gareth Walters

Yeh it took me 3 days (on and off) to get squid+winbind (authenticating to a
Win2K in^H^HActive Directory) working on FreeBSD. You ask if there is any
additional testing you can do. Here are my suggestions:

1. Did you test the "wb_auth" helper as described in the URL you gave in
your original message? What was the result? (FAQ-23: Section 23.5, scroll
down to "Configure Squid" and just below that is "Test the helpers").
Remember "wb_auth" is a squid helper whereas "wbinfo" is a SAMBA
component...don't confuse the two ;) If wb_auth doesn't exist, you need to
compile squid with winbind options.

2. Did you build squid with *ALL* of these?:
    --enable-auth="ntlm,basic"
    --enable-basic-auth-helpers="winbind"
    --enable-ntlm-auth-helpers="winbind"

3. What is in your squid.conf file? Did you add the authenticator lines
_exactly_ as on the FAQ-23 page?

4. Did you restart squid after editing squid.conf?

5. After restarting squid and testing with a browser what is in squid's
"access.log" (usually in /var/log/ or /var/log/squid/)? What browser are
you testing with? What does it say? How are you logging in with the
browser? I've had instances where the triple field dialogue box in windows
with IE doesn't work as expected. You are asked for
username/password/domain but it won't authenticate. BUT if you enter
"domain\user" in the username field, and leave the domain field blank
(password as normal) it will authenticate. After that you can use all 3
fields again. I've never figured out why IE does this occasionally, but it
seems to be after people leave a session idle for a long time, but not
always.

That's about all I can think of at the moment. You've done the hard part;
winbind is working! :-) Squid "Just Works (tm)" if you compile and
configure it per FAQ-23 (23.5 specifically)....did you miss/skip something?

Cheers,
James
_________________________
A random quote of nothing:
Noise proves nothing. Often a hen who has merely laid an egg cackles
as if she laid an asteroid.
-- Mark Twain
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
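
Checks 2 and 5 from the list in the reply, scripted as an added example that is not part of the original messages. It assumes `squid -v` prints the configure line and that access.log is in Squid's native format; the function names are hypothetical and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# Check 2: read `squid -v` output on stdin and print any of the build options
# listed in the reply that are absent (empty output means all are present).
# Assumes comma-separated option values, as written in the message.
missing_build_opts() {
    # One option per line with quotes stripped, e.g. --enable-auth=ntlm,basic
    opts=$(tr -s ' \t' '\n\n' | tr -d "\"'")
    missing=""
    for need in enable-auth:ntlm enable-auth:basic \
                enable-basic-auth-helpers:winbind \
                enable-ntlm-auth-helpers:winbind
    do
        name=${need%%:*}
        value=${need##*:}
        printf '%s\n' "$opts" |
            grep -Eq -- "^--$name=([^,]+,)*$value(,|\$)" ||
            missing="$missing --$name=$value"
    done
    printf '%s\n' "${missing# }"
}

# Check 5: read access.log on stdin and print "client count" for clients that
# received 407 responses but never logged a request with a user name.
# An NTLM handshake itself logs 407s before the authenticated request, so
# 407 lines alone do not show that authentication is failing.
failing_clients() {
    awk '$4 ~ /\/407$/        { denied[$3]++ }
         NF >= 8 && $8 != "-" { authed[$3] = 1 }
         END { for (c in denied) if (!(c in authed)) print c, denied[c] }' |
        sort
}

# Constructed `squid -v` output: the NTLM helper option is missing.
SAMPLE_VERSION='Squid Cache: Version X.Y.Z
configure options:  --enable-auth=ntlm,basic --enable-basic-auth-helpers=winbind'

# Constructed access.log lines: .20 completes the handshake, .31 never does.
SAMPLE_LOG='1054251300.101  12 192.168.1.20 TCP_DENIED/407 1710 GET http://example.com/ - NONE/- text/html
1054251300.240  15 192.168.1.20 TCP_DENIED/407 1930 GET http://example.com/ - NONE/- text/html
1054251300.912 310 192.168.1.20 TCP_MISS/200 4120 GET http://example.com/ jdoe DIRECT/192.0.2.10 text/html
1054251420.005  11 192.168.1.31 TCP_DENIED/407 1710 GET http://example.com/ - NONE/- text/html
1054251420.150  14 192.168.1.31 TCP_DENIED/407 1930 GET http://example.com/ - NONE/- text/html
1054251421.300  13 192.168.1.31 TCP_DENIED/407 1710 GET http://example.com/ - NONE/- text/html'

printf '%s\n' "$SAMPLE_VERSION" | missing_build_opts
printf '%s\n' "$SAMPLE_LOG" | failing_clients
```

On a real host, pipe `squid -v` into `missing_build_opts` and the live access.log into `failing_clients`.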