Thank's Rob, I have located the winbind pipe directory, will try it later for winbind authentication. However actually what is the function of the pipe ? I think I cannot find this information on squid FAQ.
Regards, herman > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: 14 Juli 2004 7:56 > To: Herman (ISTD) > Subject: RE: [squid-users] Re: One step away from getting winbind > authentication working... > > Herman, > > I can't remember it's location, but I found the winbind_privileged > directory by > doing a > > #locate pipe > > When I set the permissions correctly on the winbind_privileged directory > squid > authenitation worked perfectly. > > I have since rolled back to using samba-2.2.9 because I found that the > external > acl helpers didn't work with samba-3 because they where still based upon > samba-2 code. Now using Samba 2.2.9 I can authenticate users to the NT4 > PDC, and > create acls based upon the NT user groups. > > Regards, > Rob Hadfield > > Quoting "Herman (ISTD)" <[EMAIL PROTECTED]>: > > > Dear Adam and Rob, > > > > I also faced the same obstacle when authenticating with winbind. Till > > now, I haven't got the solution yet. Here is my thread : > > > > However Adam, I have read the FAQ about the winbind_privileged pipe > > (chgrp squid /path/to/winbind_privileged) but I can't find the directory > > both on samba or squid directory. Where does the directory reside ? > > > > > > -------------------------- > > Dear all, > > > > My squid version is : squid-2.5.STABLE5 > > The winbind I am using is : samba-3.0.4 > > > > Basically I already can authenticate using Samba : > > > > [EMAIL PROTECTED] logs]# /usr/local/samba/bin/wbinfo -t checking the trust secret > > via RPC calls succeeded [EMAIL PROTECTED] logs]# /usr/local/samba/bin/ntlm_auth > > --helper-protocol=squid-2.5-basic > > mydomain+myuser mypassword > > OK > > > > Here is the configuration of my squid.conf : > > auth_param basic program /usr/local/samba/bin/ntlm_auth > > --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param > > basic realm Squid proxy-caching web server auth_param basic > > credentialsttl 2 hours acl fool proxy_auth REQUIRED acl all src 0/0 > > http_access allow fool http_access deny all > > > > When I browse using IE 6.0, I got the authentication windows, I type > > MYDomain\myuser and password, but I always got denied : > > > > ERROR > > Cache Access Denied > > > > ------------------------------------------------------------------------ > > -------- > > > > While trying to retrieve the URL: http://www.google.com/ > > > > The following error was encountered: > > > > Cache Access Denied. > > > > Sorry, you are not currently allowed to request: > > > > http://www.google.com/from this cache until you have authenticated > > yourself. > > > > You need to use Netscape version 2.0 or greater, or Microsoft Internet > > Explorer 3.0, or an HTTP/1.1 compliant browser for this to work. Please > > contact the cache administrator if you have difficulties authenticating > > yourself or change your default password. > > > > > > > > ------------------------------------------------------------------------ > > -------- > > > > Generated Tue, 22 Jun 2004 02:02:06 GMT by squid/2.5.STABLE5 > > > > In access.log : > > > > 1087869178.580 502 10.32.4.45 TCP_DENIED/407 1714 GET > > http://www.google.com/ > > MyDomain\myuser NONE/- text/html > > 1087869182.556 969 10.32.4.45 TCP_DENIED/407 1714 GET > > http://www.google.com/ > > MyDomain\myuser NONE/- text/html > > > > Any one can help me ??? > > > > Thank you. > > > > Regards, > > > > Herman > > > > > > > > > > > -----Original Message----- > > > From: Adam Aube [mailto:[EMAIL PROTECTED] > > > Sent: 07 Juni 2004 1:48 > > > To: [EMAIL PROTECTED] > > > Subject: [squid-users] Re: Winbind authentication > > > > > > Herman (ISTD) wrote: > > > > > > > I am using winbind authentication with squid. So far, windbind > > > > authentication to single Domain has no problem. But in our > > environment, > > > > the users using squid are distributed on two different domains, so I > > > > > > need winbind to be able to authenticate to two different Domains. > > > > > > > > Does anyone ever try this before? I would appreciate very much if > > you > > > > can share your experiences with me. > > > > > > If you can link Samba correctly to all the domains, then the Winbind > > > helper will work fine. Since this is really a Samba issue, the best > > > sources > > of > > > help will be the Samba docs and the Samba list. > > > > > > Adam > > > > > > > -----Original Message----- > > > From: Adam Aube [mailto:[EMAIL PROTECTED] > > > Sent: 08 Juli 2004 7:55 > > > To: [EMAIL PROTECTED] > > > Subject: [squid-users] Re: One step away from getting winbind > > > authentication working... > > > > > > [EMAIL PROTECTED] wrote: > > > > > > > I have followed the instructions in section 23.5 on > > > > http://www.squid-cache.org/Doc/FAQ/FAQ-23.html > > > > > > > I configured Samba Version 3.0.4 --with-winbind > > > > I have smbd, nmbd, and winbindd running and have tested winbindd > > user > > > > authentication successfully > > > > > > > I built squid: > > > > Squid Cache: Version 2.5.STABLE5-20040707 > > > > configure options: --enable-auth=ntlm,basic > > > > --enable-external-acl-helpers=wbinfo_group > > > > > > > and tested it without authentication - works fine. > > > > > > > I tested the Test the Samba-3.x helper - works fine > > > > > > > I added the relevant auth_param's and adjusted the acls in > > squid.conf - > > > no > > > > go :( > > > > > > > I use IE6.0 and it pops up a username/password prompt. > > > > I enter in my credentials - no go. > > > > I enter in my credentials with domain\username - no go. > > > > > > Did you try the "wbinfo -a username%password" test? Did both plaintext > > and > > > challenge-response authentication succeed? Did make sure the > > > winbind_privileged pipe is accessible by the user Squid runs as? > > > > > > Both of these are in the FAQ, but you made no mention of them. > > > > > > Adam > > > > > >
