[squid-users] SQUID NTLM

From: Tony Grace <tony@dont-contact.us>
Date: Wed, 16 Jul 2003 22:00:44 +0800

Thanks for the support with my attempt to get squid+winbind+samba+ADS working.
RedHat 9.0 + squid 2.5.3 + samba 2.2.8a

I now have samba components working with ADS

wbinfo -a domain+username%password works
wbinfo -t works

wb_auth -d
Domain+username password gets an ok

Squid logs
1058324873.302 1 xxx.xxx.xxx.xxx TCP_DENIED/407 1732 GET http://www.google.com.au/ - NONE/- text/html
1058324873.321 9 xxx.xxx.xxx.xxx TCP_DENIED/407 1728 GET http://www.google.com.au/ - NONE/- text/html
1058324877.106 1 xxx.xxx.xxx.xxx TCP_DENIED/407 1732 GET http://www.google.com.au/ - NONE/- text/html
1058324877.109 0 xxx.xxx.xxx.xxx TCP_DENIED/407 1728 GET http://www.google.com.au/ - NONE/- text/html

Is there any way to increase the information logged specifically about the
ntlm auth?

Squid.conf

        auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
        auth_param ntlm children 5
        auth_param ntlm max_challenge_reuses 0
        auth_param ntlm max_challenge_lifetime 2 minutes
        auth_param basic program /usr/local/squid/libexec/wb_auth
        auth_param basic children 5
        auth_param basic realm Squid proxy-caching web server
        auth_param basic credentialsttl 2 hours

acl AuthorizedUsers proxy_auth required

http_access allow all AuthorizedUsers
http_access deny all

Getent does not include domain information, only Linux info. Is this a
problem?

Smb.conf

[global]
        workgroup = XXXXX
        netbios name = MAIL
        server string = Samba Server
        security = DOMAIN
        encrypt passwords = Yes
        update encrypted = Yes
        obey pam restrictions = Yes
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
        unix password sync = Yes
        log file = /var/log/samba/%m.log
        max log size = 0
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        dns proxy = No
        password server = *
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        name resolve order = hosts lmhosts wins bcast
        printing = cups
        wins server = xxx.xxx.xxx.xxx

Regards
Tony
Received on Wed Jul 16 2003 - 08:00:41 MDT
