RE: [squid-users] Authenticating with Samba for logging username in Squid access log from Leach, Shane

From: Leach, Shane - MIS Laptop <mis@dont-contact.us>
Date: Tue, 27 Nov 2007 17:21:18 -0600

I was successful in getting LDAP to work, like so:

auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b
"dc=domain,dc=com" -D "cn=Administrator,cn=Users,dc=domain,dc=com" -w
"password" -f sAMAccountName=%s -h 0.0.0.0 # real IP here
auth_param basic children 5
auth_param basic realm SQUID
auth_param basic credentialsttl 5 minutes

However, this has a login required. I would like to not have this,
which I understand is not part of using NTLM. I saw the following on a
website:

auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid
auth_param basic credentialsttl 2 hours

I am receiving some errors. I will investigate more, but does this look
correct. I did make the changes to http_access and acl, as requested.

Thank you for your assistance.

Shane

-----Original Message-----
From: Chris Robertson [mailto:crobertson@gci.net]
Sent: Tuesday, November 27, 2007 2:58 PM
To: Squid Users
Subject: Re: [squid-users] Authenticating with Samba for logging
username in Squid access log

Leach, Shane - MIS Laptop wrote:
> When I added these lines, the connection was blocked. Could it be
> that the authentication is not working correctly? I have success when

> I attempt all wbinfo commands shown in the link.
>
> Thank you for your assistance.
>
> Shane
>

From your reply to Henrik
(http://www.squid-cache.org/mail-archive/squid-users/200711/0636.html),
it looks as though you are using a basic authentication helper to
authenticate against LDAP. Further, it looks as though you are trying
to perform this query over a non-encrypted channel, which some LDAP
servers deny by default.

Configuration examples are available for LDAP auth
(http://wiki.squid-cache.org/ConfigExamples/SquidAndLDAP) and NTLM
(since you have wbinfo working, start at
http://wiki.squid-cache.org/ConfigExamples/WindowsAuthenticationNTLM#hea
d-ce4db5f4eeb74d1c009e686ce23d633c87300abd).

Hope that helps...

Chris
Received on Tue Nov 27 2007 - 16:21:34 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:02 MST