Could this be an iptables (lokkit) issue? The access denied could be a clue.

Try stripping all control ACLs from your squid.conf file. Run Squid as just an open proxy relay for a moment to test. See if Squid is the "access denied" or if there is another service in the OS causing the access denied.

Tim

-----------------------------------------------------------
Timothy E. Neto
Computer Systems Engineer         Komatsu Canada Limited
Ph#: 905-625-6292 x265            1725B Sismet Road
Fax: 905-625-6348                 Mississauga, Canada
E-Mail: [EMAIL PROTECTED]          L4W 1P9
-----------------------------------------------------------



Johnny Doe wrote:

I'm not sure what's going on.  I just put a clean
fedora 2 install on the box and I am getting the same
exact problem.  I have no idea what I'm doing wrong
but there is def something wrong.  The only thing I
find weird is that I am trying to use this with
dansguardian and if I stop dansguardian and comment
out the auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp it still doesn't
let me out.  I keep getting denied in the access log.
--- Adam Aube <[EMAIL PROTECTED]> wrote:

Please reply to the list and not to me personally.

Johnny Doe wrote:

--- Adam Aube <[EMAIL PROTECTED]> wrote:

Since you didn't explicitly show it, I'm going to guess that you did a "su squid" before running wbinfo.

Have you added any winbind lines to nsswitch.conf or PAM? If all you are using winbind for is Squid integration with a Windows domain, you don't need those lines and can take them out.

Just to be thorough, can you post your smb.conf file and the output of "squid -v"?


Yes I did su over to squid before running that command. I'm not sure what you meant by if I changed pam but here is the squid file from the /etc/pam.d

#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth



Here is a copy of my nsswitch.conf


passwd: files nisplus
shadow: files nisplus
group: files nisplus
hosts: files nisplus dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files winbind nisplus
rpc: files
services: files winbind nisplus
netgroup: files winbind nisplus
publickey: nisplus
automount: files winbind nisplus
aliases: files nisplus


smb.conf


[global]
workgroup = SMC
server string = SMCSquid Samba Server
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
printcap name = /etc/printcap
load printers = yes
log file = /var/log/samba/%m.log
max log size = 50
security = domain
password server = smcnt3
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
os level = 33
dns proxy = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = yes
password server = smcnt3

[homes]
comment = Home Directories
browseable = no
writable = yes

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes


squid -v
Squid Cache: Version 2.5.STABLE5
configure options: --host=i386-redhat-linux --build=i386-redhat-linux --target=i386-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --exec_prefix=/usr --bindir=/usr/sbin --libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid --enable-poll --enable-snmp --enable-removal-policies=heap,lru --enable-storeio=aufs,coss,diskd,null,ufs --enable-ssl --with-openssl=/usr/kerberos --enable-delay-pools --enable-linux-netfilter --with-pthreads --enable-ntlm-auth-helpers=SMB,winbind --enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group,winbind_group --enable-auth=basic,ntlm --with-winbind-auth-challenge --enable-useragent-log --enable-referer-log --disable-dependency-tracking --enable-cachemgr-hostname=localhost --disable-ident-lookups --enable-truncate --enable-underscores --datadir=/usr/share --enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,winbind









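Added example, not part of the thread: a shell sketch of the nsswitch.conf check suggested in the quoted advice, listing the databases that name winbind and printing a proposed copy with those entries removed for review before anything is changed. The function names and the embedded sample (a subset of the nsswitch.conf posted in the thread) are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed sample: a subset of the nsswitch.conf posted in the thread.
sample_nsswitch() {
    cat <<'EOF'
passwd: files nisplus
group: files nisplus
hosts: files nisplus dns
bootparams: nisplus [NOTFOUND=return] files
protocols: files winbind nisplus
services: files winbind nisplus
netgroup: files winbind nisplus
automount: files winbind nisplus
EOF
}

# Read nsswitch.conf on stdin; print each database that lists winbind.
nss_winbind_dbs() {
    awk '{
        sub(/#.*/, "")                       # ignore comments
        c = index($0, ":"); if (!c) next     # not a "database:" line
        db = substr($0, 1, c - 1); gsub(/[ \t]/, "", db)
        n = split(substr($0, c + 1), src, /[ \t]+/)
        for (i = 1; i <= n; i++)
            if (src[i] == "winbind") { print db; break }
    }'
}

# Read nsswitch.conf on stdin; write a copy with winbind removed from
# every source list. Comments and the other sources keep their order;
# whitespace between sources is normalised to single spaces.
nss_strip_winbind() {
    awk '{
        line = $0; comment = ""
        h = index(line, "#")
        if (h) { comment = substr(line, h); line = substr(line, 1, h - 1) }
        c = index(line, ":"); if (!c) { print $0; next }
        out = substr(line, 1, c)
        n = split(substr(line, c + 1), src, /[ \t]+/)
        for (i = 1; i <= n; i++)
            if (src[i] != "" && src[i] != "winbind") out = out " " src[i]
        if (comment != "") out = out " " comment
        print out
    }'
}

echo "Databases naming winbind:"; sample_nsswitch | nss_winbind_dbs
echo "Proposed file:";            sample_nsswitch | nss_strip_winbind
```

On a live system both functions would read /etc/nsswitch.conf on stdin; the second writes only to stdout, so the result can be diffed against the original before it replaces anything.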