[squid-users] error windbind

Amos Jeffries squid3 at treenet.co.nz
Fri Jul 24 13:50:11 UTC 2015


On 24/07/2015 11:24 p.m., Posta Esterna wrote:
> 
> Thanx Amos,
> Squid was the first problem... using /usr/lib/squid/ntlm_auth instead of
> /usr/bin/ntlm_auth
> 
> About upgrading unfortunatelly i have only an old DELL P4 (10 years
> old?) with 1GB of RAM... and for my fortune this is only the PROXY n°2
> (the backup).... The PROXY n°1 goes well with a version of KERIO Control...
> 

FWIW, I run a few customer sites with older hardware than that. Of
course those dont service much traffic. But Squid-3.5 with small cache
is not even taxing the hardware.

Kind of my specialty hobby now. Running Squid on recycled and low-spec
hardware :-)


> I've still have problems....
> it says:
> ....
> [2015/07/24 12:06:41, 0] utils/ntlm_auth.c:get_windbind_domain(146)
>   could not obtain windbind domain name!
> .....
> 

That seems to be an internal winbind / Samba problem.

Once you have the right helper Squids part is reduced to ferrying the
HTTP Auth header contents to and from it.


PS. Unless you are fighting with similarly ancient Windows 2K boxen I
suggest looking into Negotiate/Kerberos (squid_kerb_auth etc should work
okay with 2.6) instead of, or as well as, NTLM. Sometimes its a bit more
painful to setup, but much more resource efficient _and_ secure.

Amos



More information about the squid-users mailing list