Re: [squid-users] nt domain ntlm group authentication problem?

From: Srinivasa Chary <[email protected]>
Date: Sun, 13 Feb 2005 11:30:05 +0400

Dear nikolay,

Thanks you very much for your help my problem is solved ..

Regards,
M.Srinivasa Chary

----- Original Message -----
From: <nikolay.nenchev@rbb-sofia.raiffeisen.at>
To: <srinivasc_nts@omzest.com>
Sent: Tuesday, February 08, 2005 7:25 PM
Subject: Fw: [squid-users] nt domain ntlm group authentication problem?

> Hi,
> as a basic i have followed faq 23 at squid-cache.org page. You can check
> this,if you didn't already.
> Can you be more specific about your problem? Because these days a have two
> problems:
> 1. was ntlm_auth as a whole
> 2. group authentication with wbinfo_group.pl
> So I am going to give you my conf file and you can give a feedback after
> this.
> smb.conf:
> # Global parameters
> [global]
> workgroup = MYLAN
> server string = Netmon
> security = DOMAIN
> password server = pdc.mylan
> log file = /usr/local/samba/var/log.%m
> max log size = 50
> load printers = No
> dns proxy = No
> wins server = 10.0.0.1
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind use default domain = Yes
> hosts allow = 10.0.4., 10.0.5., 10.0.6., 10.0.7.
>
>
> squid is configured with:
> configure options: --enable-auth=ntlm,basic
> --enable-external-acl-helpers=wbinfo_group
> squid.conf:
> ################################
> ###MYLAN-NTLM and BASIC AUTH###
> ################################
>
> auth_param ntlm program /usr/local/samba/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
> auth_param ntlm use_ntlm_negotiate off
>
> auth_param basic program /usr/local/samba/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
>
> external_acl_type group_nt %LOGIN /usr/local/squid/libexec/wbinfo_group.pl
>
> acl NTAuth external group_nt IT_Department
> acl Auth proxy_auth REQUIRED
>
> http_access allow Auth NTAuth
>
> http_access deny all
> ####################################
> other thing is that i make an wbinfo, which is located in samba
> directories (/usr/local/samba/bin), I've put it in PATH variable.
> and as you have read about LANG variable it should be C. and when you
> start wbinfo_group.pl u should request your domain controllers in order
> like this:
> domain\\user group (\\ is separator defined in smb.conf,if you dont have
> such directive it is possible + or \, but before a special character like
> \ or + you should put \ to defined them as a special one.)
> I'm not sending you a wbinfo_group.pl because it is standart i didn't
> change anything there except line:
>
> sub debug {
> #Uncomment this to enable debugging
> print STDERR "@_\n";
> }
>
>
>
> Ask if u have some other questions, also squid-users mailing list is very
> usefull
> Regards,
> Nikolay
>
>
>
>
> srinivasc_nts@omzest.com@inet
> 08.02.2005 15:10
>
> To
> nikolay.nenchev@rbb-sofia.raiffeisen.at
> cc
>
> Subject
> Re: [squid-users] nt domain ntlm group authentication problem?
>
>
>
>
>
>
> Dear Nikolay,
>
> I was reading your mails i am also facing the same problem with
> wbinfo_group.pl , It will be very help full to me if you send me the
> configuration files of
>
> 1) squid.conf
> 2) smb.conf
> 3) wbinfo_group.pl
>
>
>
> Regards,
> M.Srinivasa Chary
>
>
> ----- Original Message -----
> From: <nikolay.nenchev@rbb-sofia.raiffeisen.at>
> To: <squid-users@squid-cache.org>
> Sent: Tuesday, February 08, 2005 12:31 PM
> Subject: Re: [squid-users] nt domain ntlm group authentication problem?
>
>
> > Hi,
> > it was my mistake. I uncommnet debug in wbinfo_group.pl.
> > Also it wasn't clear enough structure of requests for this perl script.
> > I ask:
> > mylan\\test test (domain\\user group)
> > and i have very pretty reply with OK in the end.
> > Thanks to everyone
> > Nikolay
> >
> >
> >
> > hno@squid-cache.org@inet
> > 08.02.2005 10:13
> >
> > To
> > nikolay.nenchev@rbb-sofia.raiffeisen.at
> > cc
> > hno@squid-cache.org
> > Subject
> > Re: [squid-users] nt domain ntlm group authentication problem?
> >
> >
> >
> >
> >
> >
> >
> >
> > On Tue, 8 Feb 2005 nikolay.nenchev@rbb-sofia.raiffeisen.at wrote:
> >
> > > So i don't know from where is this problem. And as I wrote ntlm nt
> group
> > > authentication is working but still receiving this mistake with
> > > wbinfo_group.pl:
> > >
> > >> mylan\test
> > >> Use of uninitialized value in concatenation (.) or string at
> > >> /usr/local/squid/libexec/wbinfo_group.pl line 35, <STDIN> line 1.
> >
> > Right. You didn't give which group it should match against.
> >
> > mylan\test InternetUsers
> >
> > or whatever the group you want to match against is named.
> >
> > Regards
> > Henrik
> >
> >
> >
> >
>
>
>
>
>
>
Received on Sun Feb 13 2005 - 00:29:37 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST