Squid - squid ntlm authentication problem ?


Author squid ntlm authentication problem ?
aries.ram@freenet.de

2006-06-08, 7:14 am

Hi,

I have a problem with squid / samba ntlm authentication against a NT
domain. My server is a suse 9.1 with the following versions:

squid 2.5 /stable 9
samba 3.0.22

I configured winbind with this FAQ:
http://www.squid-cache.org/Doc/FAQ/FAQ-23.html

Everything is fine. smbd, nmbd and winbindd are running.

# wbinfo -t
checking the trust secret via RPC calls succeeded

# wbinfo -g and -u lists the domainusers and groups

# /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
mydomain+myuser mypasswd
OK

My squid.conf acl lines:

acl AuthorizedUsers proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl user src 192.168.0.65/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager user
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access allow all AuthorizedUsers
http_access deny all


The problem is that no authentication window comes up if I start the IE
browser or Firefox. The logfile from squid shows the following entry,
which means that authentication is required, but it does not prompt me
to enter a username and password??

*****************************

If the header is missing, Squid returns an HTTP reply with status 407
(Proxy Authentication Required). The user agent (browser) receives the
407 reply and then prompts the user to enter a name and password. The
name and password are encoded, and sent in the Authorization header for
subsequent requests to the proxy.

*****************************


1149758301.809 25 192.168.0.65 TCP_DENIED/407 1760 GET http://www.google.de/ - NONE/- text/html
1149758301.814 1 192.168.0.65 TCP_DENIED/407 1868 GET http://www.google.de/ - NONE/- text/html
1149758301.896 81 192.168.0.65 TCP_MISS/200 3065 GET http://www.google.de/ MYDOMAIN+hofmann DIRECT/66.249.85.104 text/html

The FAQ said that error TCP_DENIED/407 means that an ntlm_authentication
is required, but I don't understand why I don't get a popup window to
enter the domain username and password to authenticate me against our
windows NT domain?

Who can help ?

Thanks in advance
Frank
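
Added example, not part of the original post: a small parser for Squid's native access.log format that pairs each run of 407 replies with the request that follows it. On the three log lines from the post it reports two challenges followed by a request logged as MYDOMAIN+hofmann, which is the shape of a completed NTLM challenge/response exchange. The function names and the 5-second window are assumptions made for this example.

```python
from collections import namedtuple

# The three access.log entries from the post, each joined onto one line.
SAMPLE_LOG = """\
1149758301.809 25 192.168.0.65 TCP_DENIED/407 1760 GET http://www.google.de/ - NONE/- text/html
1149758301.814 1 192.168.0.65 TCP_DENIED/407 1868 GET http://www.google.de/ - NONE/- text/html
1149758301.896 81 192.168.0.65 TCP_MISS/200 3065 GET http://www.google.de/ MYDOMAIN+hofmann DIRECT/66.249.85.104 text/html
"""

Entry = namedtuple("Entry", "ts client result status method url user")


def parse_line(line):
    """Parse one line of Squid's native access.log format; None if malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    result, _, status = f[3].partition("/")
    try:
        return Entry(float(f[0]), f[2], result, int(status), f[5], f[6], f[7])
    except ValueError:
        return None


def classify_auth(log_text, window=5.0):
    """Pair each run of 407s per (client, URL) with the request that follows.

    Returns (client, url, challenges, user, outcome) tuples. A run with no
    follow-up inside `window` seconds (assumed value) is "unanswered": the
    client never came back with credentials that the proxy accepted.
    """
    pending = {}  # (client, url) -> (407 count, timestamp of the last 407)
    findings = []
    for e in filter(None, map(parse_line, log_text.splitlines())):
        key = (e.client, e.url)
        count, last = pending.pop(key, (0, e.ts))
        if count and e.ts - last > window:       # stale run: close it out
            findings.append(key + (count, "-", "unanswered"))
            count = 0
        if e.status == 407:
            pending[key] = (count + 1, e.ts)
        elif count and e.user != "-":            # user field set: auth accepted
            findings.append(key + (count, e.user, "authenticated"))
    findings += [k + (c, "-", "unanswered") for k, (c, _) in pending.items()]
    return findings


if __name__ == "__main__":
    print(classify_auth(SAMPLE_LOG))
```
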
