Norman Zhang wrote: I'm running Squid-2.5.STABLE4-1.100mdk with samba-server-3.0.2a-3mdk. When I tried to go to the internet, I see the following in /var/log/syslog
Jun 9 17:06:07 proxy (squid): authenticateNTLMHandleReply: called with no result string
Jun 9 17:06:07 proxy squid[1571]: Squid Parent: child process 2617 exited due to signal 6
auth_param ntlm program /usr/lib/squid/wb_ntlmauth
external_acl_type NT_global_group %LOGIN /usr/lib/squid/wb_group
Those are the NTLM and group helpers you use with Samba 2.2.x. For Samba 3 you need to use Samba's built-in ntlm_auth helper for basic/NTLM auth and the wbinfo_group group helper (which comes with Squid).
Thanks. I have switched to /usr/lib/ntlm_auth, but I can't find wbinfo_group, only wb_group, with squid-2.5.STABLE4. May I ask what I am missing?
[EMAIL PROTECTED] squid]# slocate ntlm_auth
/usr/share/man/man1/ntlm_auth.1.bz2
/usr/share/doc/squid-2.5.STABLE4/README.no_check_ntlm_auth
/usr/share/swat/help/ntlm_auth.1.html
/usr/bin/ntlm_auth
/usr/lib/squid/ntlm_auth
[EMAIL PROTECTED] squid]# rpm -q squid
squid-2.5.STABLE4-1.100mdk
[EMAIL PROTECTED] squid]# rpm -q samba-server
samba-server-3.0.2a-3mdk
[EMAIL PROTECTED] squid]# ls /usr/lib/squid/
cachemgr.cgi*    fakeauth_auth*   ncsa_auth*  smb_auth.pl*      wb_auth*
digest_pw_auth*  getpwname_auth*  ntlm_auth*  smb_auth.sh*      wb_group*
diskd*           icons/           pam_auth*   squid_ldap_auth*  wb_ntlmauth*
errors/          msnt_auth*       smb_auth*   unlinkd*          yp_auth*
cache_mgr [EMAIL PROTECTED]
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB
cache_dir ufs /var/spool/squid 200 16 256
cache_peer 127.0.0.1 parent 80 7 default no-query
acl binaries urlpath_regex -i \.exe$ \.zip$ \.vbs$ \.gz$
cache_peer_access 127.0.0.1 allow binaries
never_direct allow binaries
ftp_user [EMAIL PROTECTED]
#auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp
#auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic
auth_param ntlm program /usr/bin/ntlm_auth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
external_acl_type NT_global_group %LOGIN /usr/lib/squid/wb_group
acl ProxyUsers external NT_global_group ProxyUsers
acl authusrs proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl webmin port 10000 20000 # webmin, usermin
acl CONNECT method CONNECT
acl localnet dst 192.168.11.0/26 192.168.22.0/25
acl arkonweb dst 207.34.136.4 207.34.136.5 207.34.136.7
acl pdfgrab browser WebCapture
acl realplay browser RealMedia
acl ssread browser SSDOWNLOAD
acl ssread browser SSREADER
http_access allow manager localhost
http_access deny manager
http_access allow CONNECT webmin
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow arkonweb
http_access allow pdfgrab
http_access allow realplay
http_access allow ssread
http_access allow authusrs ProxyUsers
http_access allow localhost
http_access deny all
icp_access allow all
I'm still seeing the following in /var/log/syslog
Jun 11 13:31:13 proxy winbindd[1354]: [2004/06/11 13:31:13, 0] nsswitch/winbindd.c:process_loop(726)
Jun 11 13:31:13 proxy winbindd[1354]: process_loop: Invalid request size from pid 7270: 1304 bytes sent, should be 1568
Jun 11 13:31:13 proxy winbindd[1354]: This usually means that you are running old wbinfo, pam_winbind or libnss_winbind clients
Regards, Norman
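A small squid.conf check for the helper mismatch discussed in this thread, added here as an example and not part of any of the posts or of Squid or Samba. The function name and messages are hypothetical; it assumes Samba's ntlm_auth must be started with a --helper-protocol value matching the auth scheme, as in the commented-out lines of the posted config, which the thread itself does not state.

```python
import os

# Helper names the reply ties to Samba 2.2.x (both appear in the posted config).
LEGACY_HELPERS = {"wb_ntlmauth", "wb_group"}
# Assumption: expected values copied from the commented-out lines in the posted config.
EXPECTED_PROTOCOL = {"ntlm": "squid-2.5-ntlmssp", "basic": "squid-2.5-basic"}


def lint_squid_conf(text):
    """Return (line_number, message) findings for winbind helper mismatches."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # commented-out directives are ignored
        if len(tokens) < 3:
            continue
        if tokens[0] == "auth_param" and tokens[2] == "program" and len(tokens) > 3:
            scheme, helper, args = tokens[1], os.path.basename(tokens[3]), tokens[4:]
            if helper in LEGACY_HELPERS:
                findings.append((lineno, f"{helper}: Samba 2.2.x helper"))
            elif helper == "ntlm_auth":
                protos = [a.split("=", 1)[1] for a in args
                          if a.startswith("--helper-protocol=")]
                want = EXPECTED_PROTOCOL.get(scheme)
                if not protos:
                    findings.append((lineno, "ntlm_auth: no --helper-protocol"))
                elif want and protos[0] != want:
                    findings.append((lineno, f"ntlm_auth: {protos[0]} used for {scheme}"))
        elif tokens[0] == "external_acl_type":
            for tok in tokens[2:]:
                name = os.path.basename(tok)
                if name in LEGACY_HELPERS:
                    findings.append((lineno, f"{name}: Samba 2.2.x helper"))
    return findings


# Four lines taken from the squid.conf posted in the thread.
SAMPLE = """\
#auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm program /usr/bin/ntlm_auth
auth_param ntlm children 5
external_acl_type NT_global_group %LOGIN /usr/lib/squid/wb_group
"""

if __name__ == "__main__":
    for lineno, message in lint_squid_conf(SAMPLE):
        print(f"line {lineno}: {message}")
```

The check matches on the helper's file name only, so it cannot tell /usr/bin/ntlm_auth from /usr/lib/squid/ntlm_auth, both of which appear in the slocate output above.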
