[squid-users] Problems with Squid 3 Authentication on Samba 4
Marcio Demetrio Bacci
marciobacci at gmail.com
Sat Aug 1 23:57:44 UTC 2015
Hi,
I'm trying to authenticate the squid3 in Samba4. The part of Samba 4
authentication is OK, because with the commands wbinfo -i, getent passwd,
klist, kinit is all right and I can get the expected results. Also on the
command line can authenticate users (/usr /bin/ntlm_auth --username =
DomainUser), however, when using the squid does not.
I have already followed several tutorials, including to authenticate to AD,
as the Samba 4 is fully compatible with AD. Nothing works.
Follow my configuration file (squid.conf):
http_port 3128
visible_hostname proxy-server.meudominio.com.br
error_directory /usr/share/squid3/errors/Portuguese
error_default_language pt-br
coredump_dir /var/spool/squid3
cache_mem 756 MB
maximum_object_size_in_memory 128 kB
maximum_object_size 512 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid3 2048 16 256
cache_access_log /var/log/squid3/access.log
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
###########################################################################
######### user authentication #########
###########################################################################
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param ntlm children 5
auth_param basic realm Squid-proxy-caching web server
auth_param basic credentialsttl 2 hours
acl autenticados proxy_auth REQUIRED
# ACLS #
#acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 70 563 70 210 280 488 59 591 777 901
1025-65535
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny !autenticados
http_access allow autenticados
acl redelocal src 192.168.0.0/22
http_access allow localhost
http_access allow redelocal
http_access deny all
###########################################################################
My /etc/hosts following below:
127.0.0.1 localhost
192.168.0.35 squid-server.mydomain.com.br squid-server
The /etc/resolv.conf is:
domain mydomain.com.br
search mydomain.com.br
nameserver 192.168.0.5
I found that the Squid folder there is this file that does not know:
msntauth.conf, with the following contents:
# Sample MSNT authenticator configuration file
# Antonino Iannella, Stellar-X Pty Ltd
# Sun Sep 2 15:52:31 CST 2001
# NT hosts to use. Best to put their IP addresses in /etc/hosts.
server my_PDC my_BDC my_NTdomain
server other_PDC other_BDC otherdomain
# Denied and allowed users. Comment these if not needed.
#denyusers /usr/local/squid/etc/msntauth.denyusers
#allowusers /usr/local/squid/etc/msntauth.allowusers
I'm using Debian 8 and Samba 4.1.17.
Do anybody have an idea?
Regards,
Márcio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150801/87393c51/attachment.html>
More information about the squid-users
mailing list