Squid 2.9 w/ NTLM

[qwaven]

Hi all,

I'm trying to get an http content filter (Dansguardian) to work with NTLM authentication. I've setup Squid-2.7.9 as best I can for NTLM auth.

The system 'should' be joined to a Windows Domain and I believe authenticates fine.

wbinfo -a mydomain\\usernama%password
plaintext password authentication succeeded
challenge/response password authentication succeeded

If I connect directly to the squid proxy via my web browser I am able to surf the net. However through the http filter I am denied because my username is not allowed.

I'm wondering if it is possible to verify that authentication is working in SQUID? And how I can ensure it is required?

In my squid conf I have:

#Recommended minimum configuration:
#acl all src all
acl authenticated proxy_auth REQUIRED
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

Any help would be great!
Thanks.

 

[qwaven]

Hi again,

I found an example which I believe has fixed my Squid up some more. However there was one part (Linux only?) that I could not do which I believe is effecting my setup. Right now I get prompted for username and password.

According to the example (page below) I need to allow Squid to access the WinBind NTLM.

gpasswd -a proxy winbindd_priv

On FreeBSD the above command does not work and I am not sure what the alternative is.

Original guide: http://wiki.squid-cache.org/ConfigE...ng_Squid_for_NTLM_with_Winbind_authenticators

Thanks!

 

[qwaven]

Still have not been able to resolve. Anyone?