[squid-users] Winbind basic authentication problems with squid

From: FWAdmin <[email protected]>
Date: Fri, 1 Aug 2003 15:18:54 -0300

Hello all.

I installed Samba and am using winbind with Squid for authentication. I am
having problems with the Winbind helper though. When I run any of Samba's
wbinfo commands (-u, -g, -t, etc) everything works great. The squid helper
doesn't work however. I get the following:

[root@bantha etc]# /usr/local/squid/libexec/wb_auth -d
/wb_auth[11023](wb_basic_auth.c:167): basic winbindd auth helper build Aug
1 2003, 14:42:29 starting up...
domain\userid password
/wb_auth[11023](wb_basic_auth.c:129): Got 'domain\userid password' from
squid (length: 25).

Then it just hangs there indefinitely.

My squid.conf file looks like this:

http_port 80
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic program /usr/local/squid/libexec/wb_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 10000
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl AuthorizedUsers proxy_auth REQUIRED
http_access allow all AuthorizedUsers
http_access deny all
http_reply_access allow all
icp_access allow all
coredump_dir /usr/local/squid/var/cache

Pretty basic. The reason I don't have NTLM enabled is because that isn't
working either, but thats a whole other problem.

Am I missing something in my config?

Any help would be appreciated. Thanks

                -Jason

Jason Thompson
Security Analyst
Networks and Communications
xwave

-------------------------
This e-mail communication (including any or all attachments) is intended
only for the use of the person or entity to which it is addressed and may
contain confidential and/or privileged material. If you are not the intended
recipient of this e-mail, any use, review, retransmission, distribution,
dissemination, copying, printing, or other use of, or taking of any action
in reliance upon this e-mail, is strictly prohibited. If you have received
this e-mail in error, please contact the sender and delete the original and
any copy of this e-mail and any printout thereof, immediately. Your
co-operation is appreciated.

Le present courriel (y compris toute piece jointe) s'adresse uniquement a
son destinataire, qu'il soit une personne ou un organisme, et pourrait
comporter des renseignements privilegies ou confidentiels. Si vous n'etes
pas le destinataire du courriel, il est interdit d'utiliser, de revoir, de
retransmettre, de distribuer, de disseminer, de copier ou d'imprimer ce
courriel, d'agir en vous y fiant ou de vous en servir de toute autre facon.
Si vous avez recu le present courriel par erreur, priere de communiquer avec
l'expediteur et d'eliminer l'original du courriel, ainsi que toute copie
electronique ou imprimee de celui-ci, immediatement. Nous sommes
reconnaissants de votre collaboration.
Received on Fri Aug 01 2003 - 12:19:02 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:32 MST