squid ntlm authentication problem ? - squid


  1. squid ntlm authentication problem ?

    Hi,

    I have a problem with squid / samba ntlm authentication against a NT
    domain. My server is a suse 9.1 with the following versions:

    squid 2.5 /stable 9
    samba 3.0.22

    I configured winbind with this FAQ:
    http://www.squid-cache.org/Doc/FAQ/FAQ-23.html

    Everything is fine. smbd, nmbd and winbindd are running.

    # wbinfo -t
    checking the trust secret via RPC calls succeeded

    # wbinfo -g and -u lists the domainusers and groups

    # /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
    mydomain+myuser mypasswd
    OK

    My squid.conf acl lines:

    acl AuthorizedUsers proxy_auth REQUIRED
    #acl fileupload req_mime_type -i ^multipart/form-data$
    #acl javascript rep_mime_type -i ^application/x-javascript$
    #
    #Recommended minimum configuration:
    acl user src 192.168.0.65/255.255.255.255
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT

    http_access allow manager user
    http_access deny manager
    # Deny requests to unknown ports
    http_access deny !Safe_ports
    # Deny CONNECT to other than SSL ports
    http_access deny CONNECT !SSL_ports
    http_access allow all AuthorizedUsers
    http_access deny all


    The problem is that no authentication window comes up if I start the IE
    browser or Firefox. The logfile from squid shows the following entry,
    which means an authentication is required, but it does not prompt me to
    enter a username and password??

    *****************************

    If the header is missing, Squid returns an HTTP reply with status 407
    (Proxy Authentication Required). The user agent (browser) receives the
    407 reply and then prompts the user to enter a name and password. The
    name and password are encoded, and sent in the Authorization header for
    subsequent requests to the proxy.

    *****************************


    1149758301.809 25 192.168.0.65 TCP_DENIED/407 1760 GET http://www.google.de/ - NONE/- text/html
    1149758301.814 1 192.168.0.65 TCP_DENIED/407 1868 GET http://www.google.de/ - NONE/- text/html
    1149758301.896 81 192.168.0.65 TCP_MISS/200 3065 GET http://www.google.de/ MYDOMAIN+hofmann DIRECT/66.249.85.104 text/html

    The FAQ said that error TCP_DENIED/407 means that an ntlm_authentication
    is required, but I don't understand why I don't get a popup window to
    enter the domain username and password to authenticate me against our
    Windows NT domain?

    Who can help?

    Thanks in advance
    Frank
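
The three access.log entries in the post show two 407 replies followed within milliseconds by a request logged with a domain username, which is how an NTLM challenge/response that the browser completes on its own appears in Squid's native log. The following is an added example, not part of the original thread: it separates such completed handshakes from clients that only ever receive 407s. The function name `classify`, the 5-second window and the 192.168.0.70 lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# First three lines are the entries quoted in the post; the 192.168.0.70
# lines are constructed to show a client whose authentication never completes.
SAMPLE_LOG = """\
1149758301.809 25 192.168.0.65 TCP_DENIED/407 1760 GET http://www.google.de/ - NONE/- text/html
1149758301.814 1 192.168.0.65 TCP_DENIED/407 1868 GET http://www.google.de/ - NONE/- text/html
1149758301.896 81 192.168.0.65 TCP_MISS/200 3065 GET http://www.google.de/ MYDOMAIN+hofmann DIRECT/66.249.85.104 text/html
1149758400.100 3 192.168.0.70 TCP_DENIED/407 1760 GET http://example.com/ - NONE/- text/html
1149758400.900 2 192.168.0.70 TCP_DENIED/407 1760 GET http://example.com/ - NONE/- text/html
1149758401.700 2 192.168.0.70 TCP_DENIED/407 1760 GET http://example.com/ - NONE/- text/html
"""

# Squid native access.log: time elapsed client result/status bytes method URL user peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>\S+)\s+(?P<mime>\S+)$")

def classify(log_text, window=5.0):
    """Per client: completed handshakes as (user, number of 407s) and unanswered 407s."""
    pending = {}  # client -> (timestamp of first open 407, count of open 407s)
    report = defaultdict(lambda: {"handshakes": [], "unanswered_407": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the native format
        ts, client, user = float(m["ts"]), m["client"], m["user"]
        if m["status"] == "407":
            first, n = pending.get(client, (ts, 0))
            if ts - first > window:  # earlier challenges went stale without a login
                report[client]["unanswered_407"] += n
                first, n = ts, 0
            pending[client] = (first, n + 1)
        elif user != "-" and client in pending:
            first, n = pending.pop(client)
            if ts - first <= window:  # a username right after the 407s: handshake done
                report[client]["handshakes"].append((user, n))
            else:
                report[client]["unanswered_407"] += n
    for client, (_, n) in pending.items():  # challenges still open at end of log
        report[client]["unanswered_407"] += n
    return dict(report)

if __name__ == "__main__":
    for client, summary in classify(SAMPLE_LOG).items():
        print(client, summary)
```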


  2. Re: squid ntlm authentication problem ?

    Have you ever been able to resolve this issue? I have run into the exact same issue and don't have much of a clue on how to resolve it. I would appreciate any pointers on what you did to solve it.

    Thanks
    Yuji Nishii
