|
Squid and NTLM authorisation
Hi all
I've got 2 issues here, both to do with Squid proxy/cache service. I'm desperately trying to find a replacement for our naff solution we have at the moment (we being a school in the UK). I've essentially got squid to run ok, and its great so far. However, what I'm really interested in is the authentication side of it. Now I'm nor sure whether I'm getting this wrong, but I should be able to set it up so that users of the proxy have to be authenticated first, via our existing Windoze domain. Yeah? I've tried compiling the contents of squidfolder/src/auth/ntlm (to make the ntlm_auth) but all I get is "Nothing to do for all... etc etc" and nothing is compiled. I downloaded the latest stable release (squid-2.5.STABLE1.tar.gz). Anyone got this to work? Or even tried come to that... My second question, and this is why I really want to get it to work, is this : am I right that with authentication in use, the username will be recorded in the access.log file as well as or instead of the IP address? Any help obviously much appreciated - or if theres another way to achieve what I'm after.... Cheers, Dave |
Are you trying as well nertwork together linux side and windows side to have common shares? What I mean - are you trying to access shares on windos side from linux as well? You might consider SAMBA with swatch as well. Check out http://freshmeat.net/projects/swatch...43%2C862%2C152
and http://www.samba.org |
Cheers for the reply - thats not quite what I'm trying to do, tho I shall certainly check it out anyway
It is basically an all windows network (I didn't know any better at the time) What I want to do is have the web proxy (Slackware with Squid) only allow authorised users to access the web. Preferably the authorisation would come from the domain controller for our domain by using the ntlm_auth addon for squid; I've read this uses the samba client utils which I have installed and working fine. There is a bit of documentation on authorisation schemes on www.squid-cache.org, but unfortunately the bit about using ntlm is missing (tho a "thanks to the samba team" message is there, so my guess is it works). The main problem is getting the ntlm_auth file, which is optional with squid, to compile and install. Cheers |
I see, I am still researching the issue, and look what I hit when I browsed over to freshmeat.net
http://freshmeat.net/releases/98881/ Take a look, see if you can benefit from it. |
Solution...?
Hi
Taken me some time to reply - sorry The NTLM Lib thing looks interesting, but unfortunately I'm not a programmer really, especially when it comes to linux. Got a copy tho and it might come in handy later... Thought I should add something to the thread about what I've done, for anyone else searching the forums I've realised that there have been some changes in teh way squid does proxy authentication over the last few releases. This means that a lot of the documentation I've been looking at isn't quite right. Even the .conf file has info in it that doesn't seem right. (On the bright side, you wouldn't believe how much I've discovered :) ) To compile the NTLM addons you have to specify compile options when you compile squid - and not compile them seperately ( ./configure --help to list the options....) The down side.... I still can't get it to work! As its a new problem, I shall start a new thread |
Hello,
I'm using squid-2.5.PRE12 which is working fine on Redhat7.2. I'm authenticating users in the NT domain (ntlm). I've tried upgrading to Squid2.5.stable1 - but it doesn't work - complains of "AuthenticateHandleReply". I'm now back on the pre-release. The pre-release seems very stable - running for 2months now. |
I ran into the same problem with the latest Squid stable. Here was my solution:
configure --enable-auth="ntlm basic" Seems to work fine now. Regards, Scott |
| All times are GMT -5. The time now is 10:39 PM. |