RE: [squid-users] Winbind authentication cannot work on squid

From: Mohsin Khan <[email protected]>
Date: Tue, 22 Jun 2004 10:41:47 -0700 (PDT)

If you are using winbindd with ntlm it should not ask
you for the passowrd, have you define any ACL, if yes
what is that.

--- Tanzer GENC <tanzer@arkas.com.tr> wrote:
> Hello,
> Please check squid's cache.log.It will give an idea
> to us.
> Could you try to authenticate with another a
> browser. It should be an
> permission problem in
> /var/cache/samba/winbind_privileged directory.
> �f it's a permission problem in winbind_privileged
> directory you must apply
> commands below, chmod 750
> /var/cache/samba/winbind_privileged
> chgrp squid /var/cache/samba/winbind_privileged
> There is a good information
>
http://informatik.asn-graz.ac.at/modules.php?name=News&file=article&sid=2710
> adress.
>
>
> Tanzer GENC
>
>
> -----Original Message-----
> From: Herman (ISTD) [mailto:herman_ang@toyota.co.id]
> Sent: Tuesday, June 22, 2004 5:14 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Winbind authentication cannot
> work on squid
> Importance: High
>
>
> Dear all,
>
> My squid version is : squid-2.5.STABLE5
> The winbind I am using is : samba-3.0.4
>
> Basically I already can authenticate using Samba :
>
> [root@mx logs]# /usr/local/samba/bin/wbinfo -t
> checking the trust secret via
> RPC calls succeeded [root@mx logs]#
> /usr/local/samba/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> mydomain+myuser mypassword
> OK
>
> Here is the configuration of my squid.conf :
> auth_param basic program
> /usr/local/samba/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic auth_param basic
> children 5 auth_param
> basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2
> hours acl fool proxy_auth REQUIRED acl all src 0/0
> http_access allow fool
> http_access deny all
>
> When I browse using IE 6.0, I got the authentication
> windows, I type
> MYDomain\myuser and password, but I always got
> denied :
>
> ERROR
> Cache Access Denied
>
>
------------------------------------------------------------------------
> --------
>
> While trying to retrieve the URL:
> http://www.google.com/
>
> The following error was encountered:
>
> Cache Access Denied.
>
> Sorry, you are not currently allowed to request:
>
> http://www.google.com/from this cache until you
> have authenticated
> yourself.
>
> You need to use Netscape version 2.0 or greater, or
> Microsoft Internet
> Explorer 3.0, or an HTTP/1.1 compliant browser for
> this to work. Please
> contact the cache administrator if you have
> difficulties authenticating
> yourself or change your default password.
>
>
>
>
------------------------------------------------------------------------
> --------
>
> Generated Tue, 22 Jun 2004 02:02:06 GMT by
> squid/2.5.STABLE5
>
> In access.log :
>
> 1087869178.580 502 10.32.4.45 TCP_DENIED/407 1714
> GET
> http://www.google.com/
> MyDomain\myuser NONE/- text/html
> 1087869182.556 969 10.32.4.45 TCP_DENIED/407 1714
> GET
> http://www.google.com/
> MyDomain\myuser NONE/- text/html
>
> Any one can help me ???
>
> Thank you.
>
> Regards,
>
> Herman
>
>
>
>
> > -----Original Message-----
> > From: Adam Aube [mailto:aaube01@baker.edu]
> > Sent: 07 Juni 2004 1:48
> > To: squid-users@squid-cache.org
> > Subject: [squid-users] Re: Winbind authentication
> >
> > Herman (ISTD) wrote:
> >
> > > I am using winbind authentication with squid. So
> far, windbind
> > > authentication to single Domain has no problem.
> But in our
> environment,
> > > the users using squid are distributed on two
> different domains, so I
> > > need winbind to be able to authenticate to two
> different Domains.
> > >
> > > Does anyone ever try this before? I would
> appreciate very much if
> you
> > > can share your experiences with me.
> >
> > If you can link Samba correctly to all the
> domains, then the Winbind
> > helper will work fine. Since this is really a
> Samba issue, the best
> > sources
> of
> > help will be the Samba docs and the Samba list.
> >
> > Adam
>
>

=====
Regards,
Mohsin Khan
CCNA ( Cisco Certified Network Associate 2.0 )
http://www.aaghaz.net

>>>Happy is the one who can smile<<<

                
__________________________________
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo
Received on Tue Jun 22 2004 - 11:41:50 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:03 MDT