RE: [squid-users] NTLM Auth multiple problems.

From: Sridhar M.N. <[email protected]>
Date: Mon, 29 Nov 2004 07:32:26 -0800 (PST)

Hello all

Thanks guys, the problem of squid starting without any
errors is solved at the moment. When I try to browse
any websites while using the proxy, it even asks for
authentication. Even after putting in the required
credentials, i.e. the username/password and the domain,
it still doesn't authenticate. This is the
configuration of samba and squid after installation.

After installing Samba, I changed /etc/samba/smb.conf
file.

[global]
workgroup= MOSMB
log level = 4
netbios name = MPDMSMB
realm = MOSMB.COM
password server = mpdmtest
security = ads
preferred master = No
domain master = False
local master = No
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind uid = 10000-20000
winbind gid = 10000-20000

I copied the FILE ntlm_auth to /usr/bin/ directory
from
/usr/local/src/samba-3.0.9/work/samba-3.0.9/source/bin/ntlm_auth

The fqdn for the local domain server is
mpdmtest.MOSMB.COM

MPDMSMB is the netbios name for the Samba server.

I joined the domain using "net rpc join -U
Administrator"

/etc/init.d/samba start

winbindd

mpdmsmb ~ # wbinfo -t
checking the trust secret via RPC calls succeeded

mpdmsmb ~ # wbinfo -u
Administrator
Guest
SUPPORT_388945a0
MPDMTEST$
krbtgt
...

mpdmsmb ~ # wbinfo -g
BUILTIN\System Operators
BUILTIN\Replicators
BUILTIN\Guests
BUILTIN\Power Users

All these tests are succeeding. But when I try to test
through

/usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --domain=MOSMB.COM --username=Administrator --password=passwd

nothing happens.

/etc/init.d/squid start

Squid starts without any errors and I get the
authentication popups while I try to browse too. So
where am I going wrong? I hope that I have included
everything that is required.

Thanks a lot for the help guys =)

Regards

Srid

--- Elsen Marc <elsen@imec.be> wrote:

>
>
> > Hello all
> >
> > I'm trying to get NTLM Authentication working but
> > haven't been successful with the squid part of it.
> > Everything with samba works perfectly fine. I'm using
> > samba-3.0.8 and all the samba tests are working fine.
> >
> > /usr/local/bin/ntlm_auth -helper-protocol=squid-2.5-basic --domain=MO.COM --username=Srid --password=passwd
> >
> > Successful
> >
> > wbinfo -t, wbinfo -u, wbinfo -g, getent passwd and
> > getent group works just fine.
> >
> > Below is the squid.conf
> >
> > --skip--
> >
> > auth_param ntlm program /usr/bin/ntlm_auth --helperprotocol=squid-2.5-ntlmssp
> > auth_param ntlm children 5
> > auth_param ntlm max_challenge_reuses 0
> > auth_param ntlm max_challenge_lifetime 20 minutes
> > auth_param basic program /usr/bin/ntlm_auth --helperprotocol=squid-2.5-basic
> > auth_param basic children 5
> > auth_param basic realm Squid proxy-caching web server
> > auth_param basic credentialsttl 2 hours
> >
> >
> > acl vlan1 src 10.1.1.0-10.1.1.254
> > acl vlan21 src 10.1.21.0-10.1.21.254
> > acl AuthorizedUsers proxy_auth REQUIRED
> > acl all src 0.0.0.0/0.0.0.0
> >
> > --skip--
> >
> > http_access allow all AuthorizedUsers
> > http_access allow vlan1
> > http_access allow vlan21
> > http_access allow all
> > http_access deny all
> >
> > There are no errors in log.nmbd/smbd/winbind but there
> > are some errors in cache.log. The errors are
> >
> > 2004/11/25 17:39:39| Unlinkd pipe opened on FD 24
> > 2004/11/25 17:39:39| Swap maxSize 1048576 KB, estimated 80659 objects
> > -skip-
> >
> > 2004/11/25 17:39:40| WARNING: basicauthenticator #5 (FD 20) exited
> > 2004/11/25 17:39:40| Done scanning /var/spool/squid swaplog (0 entries)
> >
> > -skip-
> >
> > 2004/11/25 17:39:40| store_swap_size = 0k
> > username must be specified!
> >
> > And when username and password is specified in the
> > squid.conf file, I get the errors
> >
> > 2004/11/25 17:39:40| Took 0.0 seconds ( 0.0 entries/sec).
> > FATAL: The basicauthenticator helpers are crashing too rapidly, need help!
> >
> > 2004/11/25 17:39:47| WARNING: ntlmauthenticator #1 (FD 11) exited
> > 2004/11/25 17:39:47| WARNING: ntlmauthenticator #2 (FD 12) exited
> > 2004/11/25 17:39:47| WARNING: basicauthenticator #5 (FD 20) exited
> >
> > Squid is running with the user/group nobody and the
> > ownership for the folder and permissions are
> > specified too
> >
> > drwxrw-rw- 2 root nobody 4096 Nov 23 16:41 winbindd_privileged
> >
> > What might be the problem? Do I need to make changes
> > to any of the pam files?
> > Thanks for the help =)
> >
> >
>
> Does :
>
> % squid -k parse
>
> give any errors ?
>
> M.
>

                
 
Received on Mon Nov 29 2004 - 08:32:29 MST
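
Added example (not part of the message above, and not code from the Squid or Samba projects): a small lint for the two places this thread shows configuration, the `auth_param ... program` helper lines and the mode of `winbindd_privileged`. The function names are hypothetical, the sample input is constructed from the quoted text, and the checks assume that `ntlm_auth` takes its protocol as `--helper-protocol=` (the spelling used in the command earlier in the message) and that the directory should give the Squid group `r-x` and others no access.

```shell
#!/bin/sh
# Added example: lint ntlm_auth helper lines in squid.conf and a directory mode.
# Function names are hypothetical; sample data is constructed from the thread.

# auth_param lines as quoted in the thread, with the mail wrapping undone.
SAMPLE_CONF='auth_param ntlm program /usr/bin/ntlm_auth --helperprotocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param basic program /usr/bin/ntlm_auth --helperprotocol=squid-2.5-basic
auth_param basic children 5'

# Read squid.conf on stdin; print one verdict per ntlm_auth "program" line.
lint_auth_params() {
    awk '
    $1 == "auth_param" && $3 == "program" && $4 ~ /ntlm_auth$/ {
        scheme = $2; proto = ""; bad = ""
        for (i = 5; i <= NF; i++) {
            if ($i ~ /^--helper-protocol=/) proto = substr($i, 19)
            else if ($i ~ /^-+helper-?protocol/) bad = $i
        }
        # Assumption: the ntlm scheme pairs with squid-2.5-ntlmssp, basic with squid-2.5-basic.
        want = (scheme == "ntlm") ? "squid-2.5-ntlmssp" : "squid-2.5-basic"
        if (bad != "")          print scheme ": BAD_OPTION " bad
        else if (proto == "")   print scheme ": MISSING --helper-protocol"
        else if (proto != want) print scheme ": MISMATCH " proto " (expected " want ")"
        else                    print scheme ": OK"
    }'
}

# Succeed only if an "ls -ld" mode string gives the group r-x and others nothing.
# Assumption: group access without world access, as the ntlm_auth manual advises.
priv_dir_mode_ok() {
    case "$1" in
        d???r-x---) return 0 ;;
        *)          return 1 ;;
    esac
}

printf '%s\n' "$SAMPLE_CONF" | lint_auth_params
# Mode string as listed in the quoted message.
priv_dir_mode_ok 'drwxrw-rw-' || echo "winbindd_privileged: group cannot enter, or others have access"
```

To lint a live configuration, feed the file on stdin (`lint_auth_params < /etc/squid/squid.conf`, path assumed) and pass the first field of `ls -ld` on the directory to `priv_dir_mode_ok`.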
