[squid-users] NTLM questions (sorry)

From: Gavin Hamill <[email protected]>
Date: Fri, 28 Mar 2003 09:46:52 -0000

Hullo again :)

My 'squiddlings' are continuing on the same theme as last time (limiting
certain users to certain websites), and while this works well using IP
addresses, the customer would like to tie it to Windows usernames.

And here the problem starts :)

I'm using the Debian 'unstable' package for squid 2.5.2 (March 18th 2003)
which contains a squid.conf containing ntlm configuration directives, and
the ntlm_auth program (along with many others) in /usr/lib/squid.

I've also set one of our Windows 2000 servers into Active Directory mode to
act as a PDC, but have not experienced any joy in even authenticating by
manually running the ntlm_auth program from the commandline, so I have yet
to get as far as configuring squid to use it!

When I was setting up the Win2000 Active Directory, it asked if I wanted to
use Win2000-only mode, or a mode that would work with NT4, but would be less
secure. Playing it safe re: compatibility, I choose the older mode hoping
it would increase my chances of success.

For example,

newwintermute:~# /usr/lib/squid/ntlm_auth BYTEL\\BYTEL-OFFICE
gdh mypassword
BH Helper detected protocol error
<etc.>

newwintermute:~# nmblookup BYTEL-OFFICE
querying BYTEL-OFFICE on 80.76.192.255
80.76.192.1 BYTEL-OFFICE<00>

I'm able to log into the BYTEL-OFFICE server on the console or using
Terminal Services, or even just browsing the Network Neighbourhood and
providing that user/pass combination when asked for it by the server.
Checking the Event Viewer in Win2000 doesn't yield any results - I was
hoping for 'malformed SMB packet' or similar...

I'm at a loss where to go next, and much googling and searching the mailing
list archives has brought up no solutions as yet.

Any ideas would be warmly received! :)

Kind regards,
Gavin.
Received on Fri Mar 28 2003 - 02:47:39 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:24 MST