I followed (partially) the config file that was displayed on the Squid site (here: Clickety) after I had joined the server to the domain (correctly, as per the how-to on the CentOS website).
BTW, this is with CentOS 5.5 and Squid 2.6.
This is my squid.conf:
Code:
#auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="RCH\InternetUsers"
auth_param ntlm program /usr/local/bin/ntlm_auth RCH/RCHDC01
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
# ntlm_auth from Samba 3 supports NTLM NEGOTIATE packet
auth_param ntlm use_ntlm_negotiate on
# warning: basic authentication sends passwords plaintext
# a network sniffer can and will discover passwords
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="RCH\InternetUsers"
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl InternetUsers proxy_auth REQUIRED
http_access allow InternetUsers
http_access deny all
The idea is to block all users not in the AD security group "InternetUsers" from accessing the internet (this is intentional, as at the Red Cross Hospital there is some serious time wastage happening and therefore lockdown is in place).
When I try to start the squid service it fails, and checking /var/logs/messages it reads:
Quote:
Feb 9 21:25:25 RCHPX01 squid[13525]: Bungled squid.conf line 21: http_access deny all
Well, you need to find out what the error was. Not sure why the service script b0rked so badly, but that isn't the error itself. Look in the log files or run squid directly without the service script for full disclosure.
OK, I went at it with the determination of a hamster on his wheel.
I figured out several things.
1. I had to be a lot more precise when it comes to my src definition (which makes sense).
2. If I have httpd running, obviously I cannot use port 80 because competition would ensue between the services.
3. The locations of the ntlm helper libraries are not the ones I, naively, pasted right away. I should have known better.
4. I should RTFM before I start tackling stuff like this and then asking n00b questions.
Thanks a lot, mate, you were patient with me.
Last edited by Mustafa Ismail Mustafa; 02-17-2011 at 07:26 AM.
Reason: forgot another point
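The points listed in the last post (helper location, port 80 shared with httpd, ACL definitions) can be checked before starting the service. The following is an added example, not part of the original thread and not Squid's own tooling: a small Python pre-flight over the text of a squid.conf. The function names, the `predefined` parameter (ACL names the installed build defines by itself, if any) and the sample text are assumptions; the port check only probes the loopback address.

```python
import os
import socket

def is_executable(path):
    return os.path.isfile(path) and os.access(path, os.X_OK)

def port_in_use(port, host="127.0.0.1"):
    """True if something (httpd, for instance) already accepts connections."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(1)
        return s.connect_ex((host, port)) == 0

def preflight(text, helper_ok=is_executable, port_busy=port_in_use, predefined=()):
    """Return (line_number, message) findings for the text of a squid.conf."""
    findings, defined = [], set(predefined)  # predefined: ACLs the build supplies
    for num, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "auth_param" and len(tok) >= 4 and tok[2] == "program":
            if not helper_ok(tok[3]):
                findings.append((num, "helper not executable: " + tok[3]))
            if tok[1] == "basic":  # the thread's own config comment warns of this
                findings.append((num, "basic scheme sends passwords in plaintext"))
        elif tok[0] == "http_port" and len(tok) >= 2:
            port = int(tok[1].rsplit(":", 1)[-1])  # accepts "3128" or "addr:3128"
            if port_busy(port):
                findings.append((num, "port %d already in use" % port))
        elif tok[0] == "acl" and len(tok) >= 2:
            defined.add(tok[1])
        elif tok[0] == "http_access" and len(tok) >= 3:
            for name in (t.lstrip("!") for t in tok[2:]):
                if name not in defined:
                    findings.append((num, "ACL used before definition: " + name))
    return findings

# Constructed sample modelled on the config in the thread, plus an http_port line.
SAMPLE = """\
http_port 80
auth_param ntlm program /usr/local/bin/ntlm_auth RCH/RCHDC01
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
acl InternetUsers proxy_auth REQUIRED
http_access allow InternetUsers
http_access deny all
"""

if __name__ == "__main__":
    for num, msg in preflight(SAMPLE):
        print("line %d: %s" % (num, msg))
```

Line numbers in the findings count lines of the text passed in, so they match the file only when the whole squid.conf is supplied.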