Re: [squid-users] winbindd authentication from Henrik Nordstrom on 2002-06-27 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 28 Jun 2002 00:54:36 +0200

On Wednesday 26 June 2002 17.30, Federico Lombardo wrote:
> For first I'm a little bit ashamed of the helpers documentation
> problems. For a begginer is impossible to make NT authentication
> work only with squid user guides or FAQs, expecially for latests
> helpers.

Well, the Squid-2.5 release is still in development, and the winbind
helper is a very recent addition.

> After that I think that another big problem for beginners, is tha
> no helper program has the simple --help or -? or -h semantic to
> make possible to see wich arg can be passed to the program.

Some do..

> I'm wanna write tutorials and documentation to set up these kind of
> authentication, also samba integration... naturally if someone tell
> me what to do...

This would be welcome.

For winbind ntlm you need a Samba compiled with the needed winbind
extensions. See a recent post from Andrew Bartlett on squid-dev
<http://www.squid-cache.org/mail-archive/squid-dev/200206/0084.html>

> Ok, I've installed samba with the winbindd, correctly changed
> nsswitch.conf to make possible to auth users with nss_winbind. I've
> correctly configured my smb.conf, these are the most important
> configuration:

From my understanding the Squid winbind helper does not really depend
on having nss_winbind or pam_winbind enabled.. it just requires the
winbind daemon to be correctly installed and your Samba to be made
member of the domain..

To get a grip of thing I propose you test things more independently..

*) To test your winbind installation, start by testing the Basic auth
winbind helper (wb_auth) interactively from the command line. All
Basic auth Squid helpers accepts "login password" pairs as input and
will return OK/ERR.

*) To test the NTLM integration of Squid, start by using the fake_auth
helper. This eleminates any dependencies on the connection to a NT
Domain..

When you have both working, or at least the wb_auth, try switching to
using the ntlm winbind helper (wb_ntlmauth).

Note: I have never installed winbind. Can't help you much further.

Regards
Henrik
Received on Thu Jun 27 2002 - 18:10:14 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:51 MST