On Wed, 25 Aug 2004, Mrvka Andreas wrote:
> i have suse linux 9.1 where squid3 is precompiled
Hmm.. I think I have to go and shoot someone at SuSE.. Squid3 is not yet
released and way away from a production quality release. Having this
included in a OS release is pure madness on the level of playing russian
roulette.
> but i dont get it running authenticating my users with active directory.
>
> here my squid.conf:
> [...]
> auth_param basic program /usr/sbin/squid_ldap_auth -p 389 -u cn -R -b
> dc=subdomain,dc=domain,dc=com -D
> cn=administrator,cn=users,dc=subdomain,dc=domain,dc=com -w password -f cn=%s
> -h PDC
Any errors when you try this manually?
> auth_param ntlm program /usr/sbin/ntlm_auth -b DOMAIN/PDC DOMAIN/BDC
Hmm.. this program should not be in /usr/sbin/. It should be in
libexec/squid/ somewhere..
> echo "user pass" | /usr/sbin/ntlm_auth -d DOMAIN\\PDC
> ntlm-auth[6099](ntlm_auth.c:188): Adding domain-controller DOMAIN\\PDC
> ntlm-auth[6099](ntlm_auth.c:461): options processed OK
> ntlm-auth[6099](ntlm_auth.c:285): managing request
> ntlm-auth[6099](ntlm_auth.c:291): ntlm authenticator. Got 'user pass' from
> Squid
> ntlm-auth[6099](ntlm_auth.c:441): sending 'BH Helper detected protocol error'
> to squid
This is correct. You can not test ntlm helpers manually as they expect
NTLMSSP binary blobs as input, not usernames/passwords.
Regards
Henrik
Received on Wed Aug 25 2004 - 11:07:44 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:02 MDT