[Samba] [newbie] SQUID/SAMBA problems with NTLM_Auth

Stuart Chase schase at elpasohonda.com
Mon Nov 29 21:13:52 GMT 2004

Hello, I havn't gotten an answer over on the squid usergroup - so I'm hoping
someone can help me here.

SUSE - 9.1
SAMBA - 3.0.2a-SUSE (the one that came with SUSE Installer by YAST)

I have set up squid, samba, got the winbind to work great 
Wbinfo -t, -u, -g all work great 
Squid also worked great until I tried to tie in NTLM_Auth 
If I authenticate using /usr/bin/ntlm_auth --username=administrator 

It authenticates perfectly. 

I have this in my squid.conf 

auth_param ntlm program /usr/bin/ntlm_auth 
auth_param ntlm children 45 
auth_param ntlm max_challenge_reuses 0 
auth_param ntlm max_challenge_lifetime 2 minutes 
auth_param basic program /usr/bin/ntlm_auth 
auth_param basic children 5 
auth_param basic realm Squid proxy-caching web server 
auth_param basic credentialsttl 2 hours 

And my ACL's 

acl all src 
acl localhost src 
http_access allow localhost 
acl AuthorizedUsers proxy_auth REQUIRED 
http_access allow all AuthorizedUsers 
http_access deny all 
http_reply_access allow all 

And if I try to browse anywebsite at all, the squid access.log shows 

In the squid cache.log I can see it authenticateValidateUser: Validating 
Auth_user request '0x8487f80' 
Then authenticateValidateUser: Validated Auth_user request '0x8487f80' 
User not fully authenticated 
It will continue like that counting 4,3,2,1 And will eventually say 
The request GET http://www.yahoo.com/ is DENIED, because it matched 
Access Denied: http://www.yahoo.com 
AciMatchedName = AuthorizedUsers 
Proxy Auth message = <NULL> 

Later down the log I'll see 
Creating entry 0x832c000: near 'X-Squid-Error: ERR_CACHE_ACCESS DENIED 0' 
Creating entry 0x832c000' near 'Proxy-Authenticate: NTLM - a whole bunch of 
letters, then trying more lookups. 

Any ideas where I seem to be going awry here? 

Thank you. 

More information about the samba mailing list