----- Original Message ----- From: "James Gray" <[EMAIL PROTECTED]> To: "Gareth Walters" <[EMAIL PROTECTED]> Sent: Friday, May 30, 2003 10:57 AM Subject: Re: [SLUG] squid authentication with winbind.
> Yeh it took me 3 days (on and off) to get squid+winbind (authenticating to a > Win2K in^H^HActive Directory) working on FreeBSD. You ask if there is any > additional testing you can do. Here are my suggestions: Thanks James > 1. Did you test the "wb_auth" helper as described in the URL you gave in > your original message? What was the result? (FAQ-23: Section 23.5, scroll > down to "Configure Squid" and just below that is "Test the helpers"). > Remember "wb_auth" is a squid helper whereas "wbinfo" is a SAMBA > component...dont confuse the two ;) If wb_auth doesn't exist, you need to > compile squid with winbind options. Hmm I think you found something, wb_auth only gives this output ]#wb_auth -d /wb_auth[17721](wb_basic_auth.c:168): basic winbindd auth helper build May 29 2003, 15:45:56 starting up... mydomain\myuser mypassword" /wb_auth[17721](wb_basic_auth.c:129): Got ''"' from squid (length:25). and it ends there nothing else > 2. Did you build squid with *ALL* of these?: > --enable-auth="ntlm,basic" > --enable-basic-auth-helpers="winbind" > --enable-ntlm-auth-helpers="winbind" Sure did, cut and pasted. here is the config line out of config.status ./configure --prefix=/usr/local/squid-2.5 --enable-auth=ntlm,basic --enable-bas ic-auth-helpers=winbind --enable-ntlm-auth-helpers=winbind > 3. What is in your squid.conf file? Did you add the authenticator lines > _exactly_ as on the FAQ-23 page? Yes, cut and pasted, making the path adjustments for my --prefix > 4. Did you restart squid after editing squid.conf? yes > 5. After restarting squid and testing with a browser what is in squid's > "access.log" (usually in /var/log/ or /var/log/squid/)?. What browser are > you testing with? What does it say? How are you logging in with the > browser? I've had instances where the triple field dialogue box in windows > with IE doesn't work as expected. You are asked for > username/password/domain but it wot authenticate. BUT if you enter > "domain\user" in the username field, and leave the domain field blank > (password as normal) it will authenticate. After that you can use all 3 > fields again. I've never figured out why IE does this occasionally, but it > seems to be after people leave a session idle for a long time, but not > always. > > That's about all I can think of at the moment. You've done the hard part; > winbind is working! :-) Squid "Just Works (tm)" if you compile and > configure it per FAQ-23 (23.5 specifically)....did you miss/skip something? > > Cheers, > > James I am using IE and Mozilla, neither one ask for a username/password if I get rid of the ntlm lines in squid.conf then it pops up a dialog and works but otherwise all it does is fail. I have checked and rechecked it. :( Any ideas? ---Gareth Walters -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
