[squid-users] NTLM help.

From: Marty Riedling <[email protected]>
Date: Mon, 20 Dec 2004 09:10:10 -0600

I have read the FAQ and other questions posted here and can't seem to find
an answer to
my problem. I have setup squid as per instructions in the FAQ to interface
with my NT domain,
not AD, and everything from the samba side seems to be working correctly.
But when ntlm_auth
is run by squid user auth does not work, even basic. I have tried running
the command by hand
as user squid and all works ok. Please help.

wbinfo -t
checking the trust secret via RPC calls succeeded

/usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
mriedling <password>
OK

In cache.log I am seeing the following:

[2004/12/20 10:01:06, 10] utils/ntlm_auth.c:manage_squid_request(1610)
  Got 'mriedling <password>' from squid (length: 18).
[2004/12/20 10:01:06, 1] utils/ntlm_auth.c:check_plaintext_auth(286)
  Reading winbind reply failed! (0x01)
[2004/12/20 10:01:06, 3] utils/ntlm_auth.c:check_plaintext_auth(292)
  : (0x0)

ll /var/run/winbindd/pipe
srwxrwxrwx 1 root root 0 Dec 20 09:09 /var/run/winbindd/pipe

ll /var/cache/samba/winbindd_privileged/pipe
srwxrwxrwx 1 root root 0 Dec 20 09:09
/var/cache/samba/winbindd_privileged/pipe

ll -d /var/cache/samba/winbindd_privileged
drwxr-x--- 2 root squid 4096 Dec 20 09:09
/var/cache/samba/winbindd_privileged

My squid.conf:
http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 256 MB
maximum_object_size 32096 KB
maximum_object_size_in_memory 10 KB
cache_dir ufs /var/spool/squid 8000 16 256
ftp_user Squid@ingles-markets.com
ftp_list_width 32
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic --debuglevel=10
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl AuthorizedUsers proxy_auth REQUIRED
http_access allow all AuthorizedUsers
http_access allow localhost
http_access deny all

My smb.conf:
workgroup = INGLESMKTS
server string = Proxy2 Samba Server
hosts allow = 172.20. 127.
log file = /var/log/samba/%m.log
max log size = 50
security = domain
password server = *
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins server = 172.20.0.11
dns proxy = no
winbind uid = 10000-20000
winbind gid = 10000-20000
template shell = /bin/false
winbind use default domain = yes
winbind separator = +

======================================================================
Marty A. Riedling Jr. m_riedling@hotmail.com
======================================================================
Received on Mon Dec 20 2004 - 09:10:44 MST

This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:02 MST