Hi all!
I am trying to set up Squid as the proxy for the net work here but am
running into a problem as you can see by the subject.
I have had Samba 3 running on the computer (running Ubuntu 5.10) for
quite some time doing some file sharing and that is working fine no one
has any troubles with it at all. I originally installed squid from a
package and was initially making great progress. I had been enabling
features one at a time and testing the net to make sure that if I broke
it I could fix it. Everything was going fine until I tried to enable
ntlm authorisation. Was wanting this working so I can see who does what
not just what ip does what.
The first thing I noticed was that when ntlm was configured in the .conf
file with the following :
auth_param ntlm program /usr/local/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/local/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
It took about 25 min for Squid to finish its initialisation (according
to the cache.log) At first I thought it had broken squid totally (no acl
configured) as I couldn't connect to it anymore however checking the
logs showed that it was simply stalling at
"helperStatefulOpenServers:Starting 5 'ntlm_auth' processes". This line
was then followed by 5 "WARNING: Cannot run '/user/bin/ntlm_auth'
process." messages about 3 min apart. The same is then repeated for the
"helperOpenServers: starting 5 'ntlm_auth" processes" line.
Needless to say because of the above any users cant authenticate and are
blocked from the proxy when ACL's using ntlm authentication are used.
(if the ntlm is no required for a particular user then they can still
access the proxy).
At first I thought it might be a permissions issue so I went gave proxy
group full permissions to every samba file on the computer. No
difference. I bumped up the logging level to 9 and this is what I get.
(for ntlm children 1)
(same time stamp)
authNTLMConfigured: returning configured
helperStatefulOpenServers: Starting 1 'ntlm_auth' processes
Comm._open: FD 7 is a new socket
fd_open FD 7 ntlm_auth
Comm._open: FD 8 is a new socket
fd_open FD 8 ntlm_auth
ipcCreate: prfd FD 8
ipcCreate: prfd FD 8
ipcCreate: crfd FD 7
ipcCreate: cwfd FD 7
ipcCreate: FD 8 sockaddr 127.0.0.1:53820
ipcCreate: FD 7 sockaddr 127.0.0.1:53819
ipcCreate: FD 7 Listening...
leave_suid: PID 26486 called
leave_suid: PID 26486 giving up root priveleges forever
ipcCreate: calling accept in FD 7
comm_close: FD 7
commCallCloseHandlers: FD 7
fd_close FD 7 ntlm_auth
connect FD 8: (110) Connection timed out
comm_close: FD 8
CommCallCloseHandlers: FD 8
Fd_close FD 8 ntlm_auth
WARNING: Cannot run '/user/bin/ntlm_auth' process.
StatefulGetFirstAvailable: Running servers 0.
cachemgrRegester: registered ntlmauthenticator
authBasicCofigured: returning configured
helperStatefulOpenServers: Starting 1 'ntlm_auth' processes
(3 min time jump on the stamp)
It all starts again......
I figured that it might be an issue with the package so I downloaded the
source and compiled it as per the web site and get the same issue.
(stable 10)
I guess I am hoping that all of this means something to someone and that
you can help me!
If anymore info is required please let me know!
Nathaniel
Received on Mon Jul 03 2006 - 20:24:07 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Aug 01 2006 - 12:00:01 MDT