Hi!
I'm trying to authenticate Windows users (2K domain with NT
compatibility) in squid.
Something is wrong, but i don't see. I have read FAQ, HOWTO,
Tutorials, and lots of Google searches.
Scenario:
parent proxy
(pass all)
||
||
\/
my proxy <=========================== Windows server to authenticate
users
(block sites with squidGuard) (same net as my proxy)
Parent is working
SquidGuard is working.
I've made a test with smb_auth and it worked. Says OK.
---- test begin -----
# /usr/local/bin/smb_auth -W MYDOMAIN -d
myusername mypassword
Domain name: MYDOMAIN
Pass-through authentication: no
Query address options:
Domain controller IP address: 10.151.1.1
Domain controller NETBIOS name: SFCTRS1
Contents of //SFCTRS1/NETLOGON/proxyauth: allow
OK
---- test end -----
Linux distribuition: Conectiva
Squid version: squid-2.5.1-2cl
Samba:
samba-common-2.2.8-1U70_2cl
samba-clients-2.2.8-1U70_2cl
samba-2.2.8-1U70_2cl
When I try to start squid with authentication this is returned:
=== output begin ===
Iniciando squid 2003/11/03 18:19:14| parseConfigFile: line 35
unrecognized: 'authenticate_program /usr/local/bin/smb_auth -W MSRS'
2003/11/03 18:19:14| aclParseAclLine: IGNORING: Proxy Auth ACL 'acl
domainusers proxy_auth REQUIRED' because no authentication schemes are
fully configured.
2003/11/03 18:19:14| aclParseAclLine: IGNORING invalid ACL: acl
domainusers proxy_auth REQUIRED
2003/11/03 18:19:14| squid.conf line 37: http_access allow domainusers
2003/11/03 18:19:14| aclParseAccessLine: ACL name 'domainusers' not found.
2003/11/03 18:19:14| squid.conf line 37: http_access allow domainusers
2003/11/03 18:19:14| aclParseAccessLine: Access line contains no
ACL's, skipping
=== output end ===
Here some lines of squid.conf
--- begin ---
# SquidGuard
redirect_program /usr/local/bin/squidGuard -c
/etc/squidGuard/squidGuard.conf
redirect_children 4
# authentication
authenticate_program /usr/local/bin/smb_auth -W MYDOMAIN
acl domainusers proxy_auth REQUIRED
http_access allow domainusers
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
# parent proxy
cache_peer parentproxy.domain parent 80 3130 no-query default
acl all src 0.0.0.0/0.0.0.0
never_direct allow all
--- end ---
And minimum acl configuration enabled.
Thanks fou your help.
Elton S. Fenner
efenner@terra.com.br
---------------------------------------------------
/ ___ ~ Chimarr�o Virtual
\==/ _\_/_ /|~ ---------------------- (o<
/ \ / |/ O chimarr�o � uma tra- //\
\ / | | di��o, que todos deve- V_/_
\/ |_____| mos cultivar em nossas ra�zes.
___________________________________________________
Seja livre n�o use software pirata use LINUX.
---------------------------------------------------
Received on Tue Nov 04 2003 - 05:19:29 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:05 MST