[squid-users] Re: Having problems with ntlm_auth in my squid.conf file

From: Ray Dermody <[email protected]>
Date: Mon, 19 Feb 2007 16:13:32 +0000

Hi,
>
> Im trying to get transparent authentication working to my active directory
> box as specified here (
> http://samba.org/samba/docs/man/Samba-Guide/DomApps.html ). My kerberos and
> smb config files work fine as klist -e, wbinfo -u and wbinfo -g returns
> proper results. However when I add
>
> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> acl AuthorizedUsers proxy_auth REQUIRED
> http_access allow all AuthorizedUsers
>
> to my previously untouched/default squid.conf file. However when I
> start squid after this change I get errors in my
> /var/log/squid/squid.out file
>
> squid: ERROR: Could not send signal 0 to process 6193: (3) No such process
> squid: ERROR: Could not send signal 0 to process 6379: (3) No such process
> squid: ERROR: Could not send signal 0 to process 7114: (3) No such process
>
> When I do a "service squid start" it keeps adding a new PID and a
> "service squid stop" adds a new error to the squid.out file above.
> However when I uncomment all the auth_param stuff above I can shutdown
> and restart squid prefectly. Also when I run
> /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> --username=dermodyr manually I can authenticate perfectly. Ownership
> on ntlm_auth is
>
> -rwxrwxrwx 1 root squid 1170036 Feb 7 22:54 /usr/bin/ntlm_auth
>
> Im 95% sure that my problem is with my squid.conf file (
> http://software.itcarlow.ie/misc/squid.conf)
> Have i put these new entries into the wrong section of my config file?
> BTW, Im running Fedora Core 6, squid-2.6.STABLE9-1.fc6, samba 3.0.24
> and Kerberos5.
> Thanks to all
Received on Mon Feb 19 2007 - 09:13:38 MST

This archive was generated by hypermail pre-2.1.9 : Thu Mar 01 2007 - 12:00:01 MST