[squid-users] Re: NT domain authentication

From: Henrik Nordstrom <[email protected]>
Date: Wed, 17 Mar 2004 14:38:24 +0100 (CET)

On Wed, 17 Mar 2004, Rakesh Kumar wrote:

> I am using squid v3.0

Please note that Squid-3.0 is still under development and not yet
released. It is currently quite behind Squid-2.5 on stability, especially
in case of NTLM authenticaiton but there is also a large number of other
known problems in Squid-3.0 which needs to be fixed before release... (see
the bug database).

Running the pre-release of Squid-3.0 is fine in lab/testing, but don't run
this in production unless you know very well what you are doing and are
prepared to take the consequences.

For production you should use the current STABLE release, possibly with
relevant patches applied. The current STABLE release is 2.5.STABLE5, and
there is at least one relevant patch.
<url:http://www.squid-cache.org/Versions/v2/2.5/bugs/>

> and want to configure this for user authentication
> from NT domain. I am compiling squid as-
> ./configure --enable-ssl --enable-auth="ntlm,basic", make and make install

Ok. This builds the ntlm and basic authentication schemes. If you also
want to build helpers for these schemes there is other configure options
for this purpose.

Are you sure you want the --enable-ssl option? This option is normally
only required if you are configuring a reverse proxy acting as a SSL
accelerator infront of your web servers, and is generally not of interest
to normal proxying. But other than some small noise in cache.log on
startup it does not hurt to have this enabled even if you do not use the
feature. The Squid-3.0 does have some cool use of this option even in a
proxy (such as being able to access https:// objects even if your browser
is not SSL enabled) but even these features is generally not of interest
to normal proxying.

> I do not get any error. But I do not get any file or directory like
> auth_modules or ncsa_auth in /usr/local/squid/bin directory. Also under
> /usr/local/squid/etc I have only four files related to mime and squid
> confoguration. There should be more files. At least a file where I can
> mention about PDC of the domain.....
>
> I got NT authentciation working earlier on Squid V2.3

Squid-2.3 did not even have the NTLM authentication scheme (only basic)
or the --enable-auth option to define which schemes to support..

Using the same configure flags as for Squid-2.3 should work in Squid-2.5
and the development versions of Squid-3.0 as well. Some options have been
renamed (as documented in the release notes in the release where this was
done) but the configure script usually accepts the old name as well for
some time only giving a warning that you are using an old configure option
name.

Regards
Henrik
Received on Wed Mar 17 2004 - 06:38:34 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST