LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 10-01-2002, 01:19 PM   #1
davebarnes
LQ Newbie
 
Registered: Dec 2000
Location: Derbys, UK
Distribution: RedHat, Slackware
Posts: 29

Rep: Reputation: 15
Squid and NTLM authorisation


Hi all

I've got 2 issues here, both to do with Squid proxy/cache service. I'm desperately trying to find a replacement for our naff solution we have at the moment (we being a school in the UK).

I've essentially got squid to run ok, and its great so far. However, what I'm really interested in is the authentication side of it. Now I'm nor sure whether I'm getting this wrong, but I should be able to set it up so that users of the proxy have to be authenticated first, via our existing Windoze domain. Yeah?

I've tried compiling the contents of squidfolder/src/auth/ntlm (to make the ntlm_auth) but all I get is "Nothing to do for all... etc etc" and nothing is compiled. I downloaded the latest stable release (squid-2.5.STABLE1.tar.gz).

Anyone got this to work? Or even tried come to that...

My second question, and this is why I really want to get it to work, is this : am I right that with authentication in use, the username will be recorded in the access.log file as well as or instead of the IP address?

Any help obviously much appreciated - or if theres another way to achieve what I'm after....

Cheers,
Dave
 
Old 10-01-2002, 03:27 PM   #2
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Rep: Reputation: 56
Are you trying as well nertwork together linux side and windows side to have common shares? What I mean - are you trying to access shares on windos side from linux as well? You might consider SAMBA with swatch as well. Check out http://freshmeat.net/projects/swatch...43%2C862%2C152
and http://www.samba.org
 
Old 10-01-2002, 05:04 PM   #3
davebarnes
LQ Newbie
 
Registered: Dec 2000
Location: Derbys, UK
Distribution: RedHat, Slackware
Posts: 29

Original Poster
Rep: Reputation: 15
Cheers for the reply - thats not quite what I'm trying to do, tho I shall certainly check it out anyway

It is basically an all windows network (I didn't know any better at the time)

What I want to do is have the web proxy (Slackware with Squid) only allow authorised users to access the web. Preferably the authorisation would come from the domain controller for our domain by using the ntlm_auth addon for squid; I've read this uses the samba client utils which I have installed and working fine.

There is a bit of documentation on authorisation schemes on www.squid-cache.org, but unfortunately the bit about using ntlm is missing (tho a "thanks to the samba team" message is there, so my guess is it works).

The main problem is getting the ntlm_auth file, which is optional with squid, to compile and install.

Cheers
 
Old 10-01-2002, 06:36 PM   #4
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Rep: Reputation: 56
I see, I am still researching the issue, and look what I hit when I browsed over to freshmeat.net
http://freshmeat.net/releases/98881/
Take a look, see if you can benefit from it.
 
Old 10-11-2002, 12:51 PM   #5
davebarnes
LQ Newbie
 
Registered: Dec 2000
Location: Derbys, UK
Distribution: RedHat, Slackware
Posts: 29

Original Poster
Rep: Reputation: 15
Solution...?

Hi
Taken me some time to reply - sorry

The NTLM Lib thing looks interesting, but unfortunately I'm not a programmer really, especially when it comes to linux. Got a copy tho and it might come in handy later...

Thought I should add something to the thread about what I've done, for anyone else searching the forums

I've realised that there have been some changes in teh way squid does proxy authentication over the last few releases. This means that a lot of the documentation I've been looking at isn't quite right. Even the .conf file has info in it that doesn't seem right. (On the bright side, you wouldn't believe how much I've discovered )

To compile the NTLM addons you have to specify compile options when you compile squid - and not compile them seperately ( ./configure --help to list the options....)

The down side.... I still can't get it to work!

As its a new problem, I shall start a new thread
 
Old 10-24-2002, 05:19 AM   #6
bdavids
LQ Newbie
 
Registered: Oct 2002
Posts: 1

Rep: Reputation: 0
Hello,

I'm using squid-2.5.PRE12 which is working fine on Redhat7.2. I'm authenticating users in the NT domain (ntlm).

I've tried upgrading to Squid2.5.stable1 - but it doesn't work - complains of "AuthenticateHandleReply". I'm now back on the pre-release.

The pre-release seems very stable - running for 2months now.
 
Old 11-11-2002, 03:27 PM   #7
scothaniel
LQ Newbie
 
Registered: Nov 2002
Distribution: various
Posts: 1

Rep: Reputation: 0
I ran into the same problem with the latest Squid stable. Here was my solution:

configure --enable-auth="ntlm basic"

Seems to work fine now.



Regards,
Scott
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid and NTLM Authentication codedv Linux - Networking 5 07-16-2006 04:46 AM
squid NTLM IE prompt paul_mat Linux - Networking 0 09-20-2005 08:45 PM
Squid NTLM paul_mat Linux - Networking 2 09-15-2005 08:25 PM
squid.conf for NTLM paul_mat Linux - Networking 1 09-15-2005 08:21 PM
Squid combo authorisation? jhp Linux - Networking 2 09-06-2004 03:47 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:55 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration