Hi all,
I'm having problems getting Squid and NTLM auth running. My servers run Red Hat Linux 9, squid-2.5.STABLE1 and samba-2.2.7a. I use the rpms provided by Red Hat, but I had to patch the squid rpm to include --enable-auth=basic,ntlm in the configure line.
My smb.conf looks like this:
[global]
    password server = *
    security = domain
    workgroup = testdomain
    winbind separator = @
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
    interfaces = 192.168.115.1/24
    encrypt passwords = yes
The system successfully joined the NT domain, wbinfo -t says "Secret is good" and wbinfo -u lists the users on the NT server.
In squid.conf I added these lines:
auth_param ntlm program /usr/lib/squid/ntlm_auth -d testdomain/nt4-srv
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
acl AuthorizedUsers proxy_auth REQUIRED
http_access allow AuthorizedUsers
Now when a user who is authenticated in the NT domain tries to use the proxy with IE, I get these messages in cache.log and IE seems to hang:
ntlm-auth[19490](ntlm_auth.c:239): obtain_challenge: selecting TESTDOMAIN\NT4-SRV (attempt #1)
ntlm-auth[19490](ntlm_auth.c:243): Reviving DC
ntlm-auth[19490](ntlm_auth.c:251): attempting challenge retrieval
ntlm-auth[19490](libntlmssp.c:119): Connecting to server NT4-SRV domain TESTDOMAIN
ntlm-auth[19490](libntlmssp.c:126): Couldn't connect to SMB Server. Error:The attempt to call the remote server failed. See protocol error info.
    RFCNBE_BadName: NetBIOS name could not be translated to IP address.
ntlm-auth[19490](ntlm_auth.c:253): make_challenge retuned (nil)
ntlm-auth[19490](ntlm_auth.c:259): Marking DC as DEAD
ntlm-auth[19490](ntlm_auth.c:262): moving on to next controller
nmblookup resolves the IP of NT4-SRV without any problem. Does anybody have an idea how to fix this problem?
Best regards.
--
Dipl.-Ing. (FH) Bernd Bartmann <[EMAIL PROTECTED]>
I.S. Security and Network Engineer
SoHaNet Technology GmbH / Kaiserin-Augusta-Allee 10-11 / 10553 Berlin
Fon: +49 30 214783-44 / Fax: +49 30 214783-46
