[squid-users] Squid/NTLM Auth

Keith White keith.white at emdmillipore.com
Wed Oct 21 19:21:45 UTC 2015


I have squid running on Centos 7 and am trying to setup AD authentication.  I have samba/winbindd installed and the system was added to the domain with authconfig.  I have tested authentication with auth_ntlm and that works. I have also tested group membership with auth_ntlm and that works as well.  When attempting to access squid with either IE or Firefox I am presented with the authentication dialog box.  Manually entering credentials does not work.  What debugging can I enable to see what is going on?  Squid is built with the following

Squid Cache: Version 3.5.9-20150917-r13917
Service Name: squid
configure options:  '--prefix=/usr' '--includedir=/usr/include' '--datadir=/usr/share' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--localstatedir=/varsquid' '--sysconfdir=/etc/squid' '--enable-auth' '--enable-auth-ntlm' '--enable-external-acl-helpers' '--enable-auth-negotiate' '--enable-auth-basic' '--enable-auth-digest'


relevant section from squid.conf

auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

acl AuthorizedUsers proxy_auth REQUIRED
http_access allow localnet
http_access allow AuthorizedUsers
http_access allow localhost


Thanks,

Keith





This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you must not copy this message or attachment or disclose the contents to any other person. If you have received this transmission in error, please notify the sender immediately and delete the message and any attachment from your system. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not accept liability for any omissions or errors in this message which may arise as a result of E-Mail-transmission or for damages resulting from any unauthorized changes of the content of this message and any attachment thereto. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not guarantee that this message is free of viruses and does not accept liability for any damages caused by any virus transmitted therewith.



Click http://www.merckgroup.com/disclaimer to access the German, French, Spanish and Portuguese versions of this disclaimer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151021/d3c63b4c/attachment.html>


More information about the squid-users mailing list