LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Squid and NTLM Authentication (https://www.linuxquestions.org/questions/linux-networking-3/squid-and-ntlm-authentication-270864/)

codedv 12-27-2004 02:02 PM
Squid and NTLM Authentication
 
Hi, this is my current set up. I have a SAMBA PDC and on the same machine running as a PDC I have squid installed. I would like to configure squid to use NTLM authentication against the Samba PDC.

The resources I've found on the Internet so far have been very confusing and I fail to understand how to set this up properly. From what I have gathered so far I need to compile smaba with Winbind and squid agains the samba sources:
Code:
Samba
#./configure --with-winbind --with-winbind-auth-challenge --with-automount --with-acl-support

Squid
# ./configure  --enable-gnuregex --enable-useragent-log --enable-arp-acl --enable-ssl --with-openssl=/usr/local/ssl \
--enable-default-err-language=English --enable-err-languages=English --enable-linux-netfilter --enable-auth="basic ntlm" \
--enable-basic-auth-helpers="PAM SMB" --enable-ntlm-auth-helpers=SMB --enable-ntlm-fail-open \
--with-samba-sources=/usr/local/src/samba-3.0.7
The installation and compliation was successful and I edited my squid.conf file to contain the following lines:
Code:
auth_param ntlm program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --debugleve
l=0
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off
However, it just repeatedly asks me for my authentication details. I started winbindd, but as I am unsure as to how this all works, it makes it extremely diffcult trying to findthe problem. Can anyone offer me some insight here?

codedv 05-12-2005 05:25 PM
Nearly 6 months on and I have still made no progress on this issue. Is there anyone out there with a similar configuaration?

All I need is to authenticate squid against my Samba PDC using NTLM, I just seem to be running into one problem after another though.

win32sux 05-29-2005 12:36 AM
still no luck?? please post some links to the documentation you've been using...

codedv 05-29-2005 04:52 PM
Still no luck :(

I think there is something I am not understanding. Maybe it is because I want to authenticate against a domain with a samba PDC. I have been following this tutorial: http://www1.fr.squid-cache.org/Doc/FAQ/FAQ-23.html. All is fine up until the point I try and get windbind working, this is when I begin to get errors:
Code:
[root@delves-s samba]# # join domain
[root@delves-s samba]# net rpc join -U Administrator
Password:
Joined domain DELVES.

[root@delves-s samba]# # check secret
[root@delves-s samba]# wbinfo -t
checking the trust secret via RPC calls succeeded

[root@delves-s samba]# wbinfo -D delves
Name              : DELVES
Alt_Name          :
SID              : S-1-5-21-752677008-808481252-3068482387
Active Directory  : No
Native            : No
Primary          : Yes
Sequence          : -1

[root@delves-s samba]# wbinfo -u
Error looking up domain users

[root@delves-s samba]# wbinfo -g
BUILTIN+system operators
BUILTIN+replicators
BUILTIN+guests
BUILTIN+power users
BUILTIN+print operators
BUILTIN+administrators
BUILTIN+account operators
BUILTIN+backup operators
BUILTIN+users

[root@delves-s samba]# wbinfo -a delves\\adam+password
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user delves\adam+password with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user delves\adam+password with challenge/response
Wbinfo doesn't appear to see my domain as a trusted domain but I don't know why. :confused:

I know now this isn't a distribution or version specific issue becuase I have tried this with various versions of Samba and squid and on both Debian and Fedora 3 with identicle results.

Any help would be appreciated because I am banging my head against a brick wall. :scratch:

Decor_kev 12-02-2005 04:34 PM
Anybody find a solution to this problem
 
Suffering from the same dilema. Any solutions?

moleno 07-16-2006 03:46 AM
check this ... i hope it will be enough


http://www.linuxquestions.org/questi...ight=ntlm_auth


All times are GMT -5. The time now is 12:05 AM.