Dear Adam and Rob, I also faced the same obstacle when authenticating with winbind. Till now, I haven't got the solution yet. Here is my thread :
However Adam, I have read the FAQ about the winbind_privileged pipe (chgrp squid /path/to/winbind_privileged) but I can't find the directory both on samba or squid directory. Where does the directory reside ? -------------------------- Dear all, My squid version is : squid-2.5.STABLE5 The winbind I am using is : samba-3.0.4 Basically I already can authenticate using Samba : [EMAIL PROTECTED] logs]# /usr/local/samba/bin/wbinfo -t checking the trust secret via RPC calls succeeded [EMAIL PROTECTED] logs]# /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic mydomain+myuser mypassword OK Here is the configuration of my squid.conf : auth_param basic program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours acl fool proxy_auth REQUIRED acl all src 0/0 http_access allow fool http_access deny all When I browse using IE 6.0, I got the authentication windows, I type MYDomain\myuser and password, but I always got denied : ERROR Cache Access Denied ------------------------------------------------------------------------ -------- While trying to retrieve the URL: http://www.google.com/ The following error was encountered: Cache Access Denied. Sorry, you are not currently allowed to request: http://www.google.com/from this cache until you have authenticated yourself. You need to use Netscape version 2.0 or greater, or Microsoft Internet Explorer 3.0, or an HTTP/1.1 compliant browser for this to work. Please contact the cache administrator if you have difficulties authenticating yourself or change your default password. ------------------------------------------------------------------------ -------- Generated Tue, 22 Jun 2004 02:02:06 GMT by squid/2.5.STABLE5 In access.log : 1087869178.580 502 10.32.4.45 TCP_DENIED/407 1714 GET http://www.google.com/ MyDomain\myuser NONE/- text/html 1087869182.556 969 10.32.4.45 TCP_DENIED/407 1714 GET http://www.google.com/ MyDomain\myuser NONE/- text/html Any one can help me ??? Thank you. Regards, Herman > -----Original Message----- > From: Adam Aube [mailto:[EMAIL PROTECTED] > Sent: 07 Juni 2004 1:48 > To: [EMAIL PROTECTED] > Subject: [squid-users] Re: Winbind authentication > > Herman (ISTD) wrote: > > > I am using winbind authentication with squid. So far, windbind > > authentication to single Domain has no problem. But in our environment, > > the users using squid are distributed on two different domains, so I > > need winbind to be able to authenticate to two different Domains. > > > > Does anyone ever try this before? I would appreciate very much if you > > can share your experiences with me. > > If you can link Samba correctly to all the domains, then the Winbind > helper will work fine. Since this is really a Samba issue, the best > sources of > help will be the Samba docs and the Samba list. > > Adam > -----Original Message----- > From: Adam Aube [mailto:[EMAIL PROTECTED] > Sent: 08 Juli 2004 7:55 > To: [EMAIL PROTECTED] > Subject: [squid-users] Re: One step away from getting winbind > authentication working... > > [EMAIL PROTECTED] wrote: > > > I have followed the instructions in section 23.5 on > > http://www.squid-cache.org/Doc/FAQ/FAQ-23.html > > > I configured Samba Version 3.0.4 --with-winbind > > I have smbd, nmbd, and winbindd running and have tested winbindd user > > authentication successfully > > > I built squid: > > Squid Cache: Version 2.5.STABLE5-20040707 > > configure options: --enable-auth=ntlm,basic > > --enable-external-acl-helpers=wbinfo_group > > > and tested it without authentication - works fine. > > > I tested the Test the Samba-3.x helper - works fine > > > I added the relevant auth_param's and adjusted the acls in squid.conf - > no > > go :( > > > I use IE6.0 and it pops up a username/password prompt. > > I enter in my credentials - no go. > > I enter in my credentials with domain\username - no go. > > Did you try the "wbinfo -a username%password" test? Did both plaintext and > challenge-response authentication succeed? Did make sure the > winbind_privileged pipe is accessible by the user Squid runs as? > > Both of these are in the FAQ, but you made no mention of them. > > Adam
