[squid-users] Squid - Active Directory ntlm_auth Problems

From: Peter213 <[email protected]>
Date: Mon, 18 Apr 2005 20:16:17 +0200

Hello,

I've set up a Fedora Core 3 box with squid. Now I want Squid to use
ntlm_auth so that it uses the Windows 2000 Active Directory users and
passwords.

My smb.conf looks like this:

[global]

   realm = Heumann.local
   workgroup = Heumann
   server string = Samba Server
   printcap name = /etc/printcap
   load printers = yes
   cups options = raw
   log file = /var/log/samba/%m.log
   max log size = 50
   security = ADS
   password server = 192.168.15.15
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   winbind enum users = yes
   winbind enum groups = yes
   template shell = /bin/false
   winbind use default domain = no

The krb5.conf

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = HEUMANN.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 HEUMANN.LOCAL = {
  kdc = 192.168.15.15:88
  admin_server = 192.168.15.15:749
  default_domain = HEUMANN.LOCAL
 }

[domain_realm]
 .heumann.local = HEUMANN.LOCAL
 heumann.local = HEUMANN.LOCAL

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

And the squid.conf:

...

auth_param ntlm program /usr/lib/squid/ntlm_auth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/lib/squid/ntlm_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

acl AuthorizedUsers proxy_auth REQUIRED
http_access allow all AuthorizedUsers

....

Now I get the following error in the cache.log

>You must specify at least one domain-controller!
>(ntlm_auth) usage:
>(ntlm_auth) [-b] [-f] [-d] [-l] domain\controller [domain\controller ...]
>-b enables load-balancing among controllers
>-f enables failover among controllers (DEPRECATED and always active)
>-l changes behavior on domain controller failyures to last-ditch.
>-d enables debugging statements if DEBUG was defined at build-time.

But if I add heumann\win2kserv after the ntlm_auth in the squid.conf, it
doesn't work.

wbinfo -u works fine.

Please help me.

With best regards Peter213
Received on Mon Apr 18 2005 - 12:19:24 MDT
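
An added example, not part of the original post and not Squid's own code: a small check of squid.conf `auth_param ... program` lines against the helper usage text quoted from cache.log above. It validates only the argument shape that usage text demands (known flags, at least one domain\controller); the function name and the sample input are constructed for illustration.

```python
import re

# Flags listed in the helper usage text quoted in the post.
KNOWN_FLAGS = {"-b", "-f", "-d", "-l"}
# Argument shape from the same usage text: domain\controller
DC_ARG = re.compile(r"^[^\\\s]+\\[^\\\s]+$")


def check_ntlm_helper_lines(conf_text):
    """Return (line_no, scheme, problem) for each bad 'auth_param <scheme> program' line."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        # Drop trailing comments, then split on whitespace as squid.conf does.
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 4 or parts[0] != "auth_param" or parts[2] != "program":
            continue
        scheme, helper, args = parts[1], parts[3], parts[4:]
        # Only look at helpers named ntlm_auth, the binary that printed the usage.
        if not helper.endswith("/ntlm_auth"):
            continue
        unknown = [a for a in args if a.startswith("-") and a not in KNOWN_FLAGS]
        controllers = [a for a in args if not a.startswith("-")]
        malformed = [a for a in controllers if not DC_ARG.match(a)]
        if unknown:
            findings.append((line_no, scheme, "unknown flag(s): " + " ".join(unknown)))
        if malformed:
            findings.append((line_no, scheme, "not domain\\controller: " + " ".join(malformed)))
        if not controllers:
            findings.append((line_no, scheme, "no domain\\controller argument"))
    return findings


# Constructed sample: the program lines from the post, followed by the variant
# the poster describes trying (controller appended after the helper path).
SAMPLE = r"""
auth_param ntlm program /usr/lib/squid/ntlm_auth
auth_param ntlm children 5
auth_param basic program /usr/lib/squid/ntlm_auth
auth_param ntlm program /usr/lib/squid/ntlm_auth heumann\win2kserv
"""

if __name__ == "__main__":
    for line_no, scheme, problem in check_ntlm_helper_lines(SAMPLE):
        print(f"line {line_no} ({scheme}): {problem}")
```

A clean result here means only that the command line matches the usage text; it says nothing about whether the helper can reach or authenticate against the named controller.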
