[squid-users] Samba/squid Solaris 8 and wb_ntlmauth

From: Apostolou, Nicholas [IT] <[email protected]>
Date: Wed, 9 Apr 2003 13:08:43 +1000

Hi All,

I cannot get transparent authentication working with squid2.5STABLE2 and
Samba-2.2.8 running on Solaris 8.
 
I compiled Samba with these options --with-winbind-auth-challenge
--with-winbind --with-pam.

squid was compiled with # ./configure --prefix=/usr/local/squid
--enable-async-io --enable-snmp --with-aio --disable-wccp
--disable-ident-lookups --enable-auth=ntlm,basic
--enable-basic-auth-helpers=winbind --enable-ntlm-auth-helpers=winbind
--with-samba-sources=/usr/local/src/samba-2.2.8
Both were compiled using gcc 2.95.3.

I have posted this to the samba team who tell me that samba (wbinfo and
wb_auth) is working correctly.

Authentication using only the wb_auth program works well. When I try and
enable wb_ntlmauth, squid crashes. It occasionally works and logs the
username in access.log.

The output to the cache.log running in debug mode is below.

2003/04/09 13:06:30| aclMatchIp: '216.239.39.99' NOT found
2003/04/09 13:06:30| aclMatchAclList: returning 0
2003/04/09 13:06:30| aclCheck: checking 'http_access allow domainusers'
2003/04/09 13:06:30| aclMatchAclList: checking domainusers
2003/04/09 13:06:30| aclMatchAcl: checking 'acl domainusers proxy_auth REQUIRED'
FATAL: Received Segment Violation...dying.
2003/04/09 13:06:30| storeDirWriteCleanLogs: Starting...
2003/04/09 13:06:30| WARNING: Closing open FD 50
2003/04/09 13:06:30| Finished. Wrote 357 entries.
2003/04/09 13:06:30| Took 0.0 seconds (8544.3 entries/sec).
CPU Usage: 0.370 seconds = 0.170 user + 0.200 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
(wb_ntlmauth)[24038](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Error 0)
(wb_ntlmauth)[24039](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Error 0)
(wb_ntlmauth)[24040](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Error 0)
(wb_ntlmauth)[24041](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Error 0)
(wb_ntlmauth)[24042](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Error 0)
(wb_ntlmauth)[24047](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Error 0)
(wb_ntlmauth)[24049](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Error 0)
(wb_ntlmauth)[24051](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Error 0)
2003/04/09 13:06:34| Starting Squid Cache version 2.5.STABLE2 for sparc-sun-solaris2.8...
2003/04/09 13:06:34| Process ID 24082
2003/04/09 13:06:34| With 1024 file descriptors available
2003/04/09 13:06:34| Performing DNS Tests...
2003/04/09 13:06:34| Successful DNS name lookup tests...
2003/04/09 13:06:34| DNS Socket created at 0.0.0.0, port 34381, FD 4
2003/04/09 13:06:34| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2003/04/09 13:06:34| Adding nameserver 169.191.96.12 from /etc/resolv.conf
2003/04/09 13:06:34| Adding nameserver 169.191.96.11 from /etc/resolv.conf
2003/04/09 13:06:34| Adding nameserver 169.191.102.28 from /etc/resolv.conf
2003/04/09 13:06:34| helperStatefulOpenServers: Starting 20 'wb_ntlmauth' processes
(wb_ntlmauth)[24083](wb_ntlm_auth.c:355): target domain is AU
(wb_ntlmauth)[24084](wb_ntlm_auth.c:355): target domain is AU
(wb_ntlmauth)[24085](wb_ntlm_auth.c:355): target domain is AU
(wb_ntlmauth)[24086](wb_ntlm_auth.c:355): target domain is AU
(wb_ntlmauth)[24087](wb_ntlm_auth.c:355): target domain is AU
(wb_ntlmauth)[24088](wb_ntlm_auth.c:355): target domain is AU
(wb_ntlmauth)[24089](wb_ntlm_auth.c:355): target domain is AU
(wb_ntlmauth)[24090](wb_ntlm_auth.c:355): target domain is AU
(wb_ntlmauth)[24091](wb_ntlm_auth.c:355): target domain is AU
(wb_ntlmauth)[24093](wb_ntlm_auth.c:355): target domain is AU
(wb_ntlmauth)[24092](wb_ntlm_auth.c:355): target domain is AU
(wb_ntlmauth)[24094](wb_ntlm_auth.c:355): target domain is AU
(wb_ntlmauth)[24095](wb_ntlm_auth.c:355): target domain is AU
(wb_ntlmauth)[24096](wb_ntlm_auth.c:355): target domain is AU
(wb_ntlmauth)[24097](wb_ntlm_auth.c:355): target domain is AU
(wb_ntlmauth)[24098](wb_ntlm_auth.c:355): target domain is AU
(wb_ntlmauth)[24100](wb_ntlm_auth.c:355): target domain is AU
(wb_ntlmauth)[24099](wb_ntlm_auth.c:355): target domain is AU
2003/04/09 13:06:34| helperOpenServers: Starting 20 'wb_auth' processes
(wb_ntlmauth)[24101](wb_ntlm_auth.c:355): target domain is AU
(wb_ntlmauth)[24102](wb_ntlm_auth.c:355): target domain is AU
2003/04/09 13:06:34| Unlinkd pipe opened on FD 49
2003/04/09 13:06:34| Swap maxSize 102400 KB, estimated 7876 objects
2003/04/09 13:06:34| Target number of buckets: 393
2003/04/09 13:06:34| Using 8192 Store buckets
2003/04/09 13:06:34| Max Mem size: 24576 KB
2003/04/09 13:06:34| Max Swap size: 102400 KB
2003/04/09 13:06:34| Store logging disabled
2003/04/09 13:06:34| Rebuilding storage in /var/cache (CLEAN)
2003/04/09 13:06:34| Using Least Load store dir selection
2003/04/09 13:06:34| Set Current Directory to /var/cache
2003/04/09 13:06:34| Loaded Icons.
2003/04/09 13:06:34| Accepting HTTP connections at 0.0.0.0, port 8080, FD 50.
2003/04/09 13:06:34| Accepting ICP messages at 0.0.0.0, port 3130, FD 51.
2003/04/09 13:06:34| Accepting SNMP messages on port 3401, FD 52.
2003/04/09 13:06:34| Configuring Parent 127.0.0.1/8085/0
2003/04/09 13:06:34| Ready to serve requests.
2003/04/09 13:06:35| Done reading /var/cache swaplog (357 entries)
2003/04/09 13:06:35| Finished rebuilding storage from disk.
2003/04/09 13:06:35| 357 Entries scanned
2003/04/09 13:06:35| 0 Invalid entries.
2003/04/09 13:06:35| 0 With invalid flags.
2003/04/09 13:06:35| 357 Objects loaded.
2003/04/09 13:06:35| 0 Objects expired.
2003/04/09 13:06:35| 0 Objects cancelled.
2003/04/09 13:06:35| 0 Duplicate URLs purged.
2003/04/09 13:06:35| 0 Swapfile clashes avoided.
2003/04/09 13:06:35| Took 0.4 seconds ( 902.8 objects/sec).
2003/04/09 13:06:35| Beginning Validation Procedure
2003/04/09 13:06:35| Completed Validation Procedure
2003/04/09 13:06:35| Validated 357 Entries
2003/04/09 13:06:35| store_swap_size = 2338k
2003/04/09 13:06:35| storeLateRelease: released 0 objects

-----Original Message-----
From: Apostolou, Nicholas [IT]
Sent: Tuesday, April 08, 2003 11:31 AM
To: 'Andrew Bartlett'; Apostolou, Nicholas [IT]
Cc: 'samba@lists.samba.org'
Subject: RE: [Samba] Solaris 8 and winbindd/wbinfo

Hi Andrew,

the output of wb_auth is below.

/usr/local/squid/libexec
nicka% ./wb_auth
nicka password
OK

All looks good. What do you suggest?

Nick

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet@samba.org]
Sent: Tuesday, April 08, 2003 11:19 AM
To: Apostolou, Nicholas [IT]
Cc: 'Andrew Bartlett'; 'samba@lists.samba.org'
Subject: RE: [Samba] Solaris 8 and winbindd/wbinfo

On Tue, 2003-04-08 at 11:09, Apostolou, Nicholas [IT] wrote:
> Hi Andrew,
>
> squid was compiled with the following using the samba source
>
> # ./configure --prefix=/usr/local/squid --enable-async-io --enable-snmp
> --with-aio --disable-wccp --disable-ident-lookups --enable-auth=ntlm,basic
> --enable-basic-auth-helpers=winbind --enable-ntlm-auth-helpers=winbind
> --with-samba-sources=/usr/local/src/samba-2.2.8
> #
>
> root# ./wbinfo -a nicka%password
> plaintext password authentication succeeded
> challenge/response password authentication succeeded
>
>
> In squid I went back to using only basic auth and all works well.
> auth_param basic program /usr/local/squid/libexec/wb_auth
> auth_param basic children 20
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours

Run wb_auth from the command line. Type in

username password

and see what it returns. (I think that's the format - it's all
documented on the squid site).

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
Received on Tue Apr 08 2003 - 21:09:42 MDT
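
Added example (not part of the original thread, and not Squid or Samba code): a small Python triage of the cache.log excerpt above. For each FATAL it records the last ACL Squid was matching and counts the helper "fgets() failed" exits that follow. The sample lines are copied from the thread with the mail wrapping undone; the function name and record layout are assumptions made for this illustration.

```python
import re
from collections import Counter

# Lines copied from the cache.log excerpt in this thread (wrapped lines joined).
SAMPLE_LOG = """\
2003/04/09 13:06:30| aclCheck: checking 'http_access allow domainusers'
2003/04/09 13:06:30| aclMatchAclList: checking domainusers
2003/04/09 13:06:30| aclMatchAcl: checking 'acl domainusers proxy_auth REQUIRED'
FATAL: Received Segment Violation...dying.
2003/04/09 13:06:30| storeDirWriteCleanLogs: Starting...
(wb_ntlmauth)[24038](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Error 0)
(wb_ntlmauth)[24039](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Error 0)
2003/04/09 13:06:34| Starting Squid Cache version 2.5.STABLE2 for sparc-sun-solaris2.8...
"""

ACL_RE = re.compile(r"aclMatchAcl: checking '(.+)'")
HELPER_RE = re.compile(
    r"^\((\w+)\)\[(\d+)\]\(([\w.]+):(\d+)\): fgets\(\) failed!.*errno=(\d+)")

def triage(log_text):
    """Return one record per FATAL: last ACL matched and helper exits after it."""
    crashes, last_acl, current = [], None, None
    for line in log_text.splitlines():
        acl = ACL_RE.search(line)
        if acl:
            last_acl = acl.group(1)
        elif line.startswith("FATAL:"):
            current = {"fatal": line[len("FATAL:"):].strip(),
                       "last_acl": last_acl,
                       "helper_exits": Counter(),
                       "eof_only": True}
            crashes.append(current)
        elif "Starting Squid Cache" in line:
            # Restart: later helper messages belong to the new process.
            current, last_acl = None, None
        elif current is not None:
            helper = HELPER_RE.match(line)
            if helper:
                current["helper_exits"][helper.group(1)] += 1
                # fgets() returning NULL with errno still 0 is end-of-file on
                # stdin: the pipe from Squid closed. A read error sets errno.
                current["eof_only"] = current["eof_only"] and helper.group(5) == "0"
    return crashes

if __name__ == "__main__":
    for crash in triage(SAMPLE_LOG):
        print(crash)
```

In the excerpt the FATAL comes first and every helper exit reports errno=0, so the helper messages record helpers losing their parent rather than the fault itself; the last ACL matched before the crash is the proxy_auth one.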
