Hi, I'm trying to authenticate the squid3 in Samba4. The part of Samba 4 authentication is OK, because with the commands wbinfo -i, getent passwd, klist, kinit is all right and I can get the expected results. Also on the command line can authenticate users (/usr /bin/ntlm_auth --username = DomainUser), however, when using the squid does not.
I have already followed several tutorials, including to authenticate to AD, as the Samba 4 is fully compatible with AD. Nothing works. Follow my configuration file (squid.conf): http_port 3128 visible_hostname proxy-server.meudominio.com.br error_directory /usr/share/squid3/errors/Portuguese error_default_language pt-br coredump_dir /var/spool/squid3 cache_mem 756 MB maximum_object_size_in_memory 128 kB maximum_object_size 512 MB minimum_object_size 0 KB cache_swap_low 90 cache_swap_high 95 cache_dir ufs /var/spool/squid3 2048 16 256 cache_access_log /var/log/squid3/access.log refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 ########################################################################### ######### user authentication ######### ########################################################################### auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param ntlm children 5 auth_param basic realm Squid-proxy-caching web server auth_param basic credentialsttl 2 hours acl autenticados proxy_auth REQUIRED # ACLS # #acl manager proto cache_object acl localhost src 127.0.0.1/32 acl SSL_ports port 443 563 acl Safe_ports port 80 21 443 70 563 70 210 280 488 59 591 777 901 1025-65535 acl purge method PURGE acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny !autenticados http_access allow autenticados acl redelocal src 192.168.0.0/22 http_access allow localhost http_access allow redelocal http_access deny all ########################################################################### My /etc/hosts following below: 127.0.0.1 localhost 192.168.0.35 squid-server.mydomain.com.br squid-server The /etc/resolv.conf is: domain mydomain.com.br search mydomain.com.br nameserver 192.168.0.5 I found that the Squid folder there is this file that does not know: msntauth.conf, with the following contents: # Sample MSNT authenticator configuration file # Antonino Iannella, Stellar-X Pty Ltd # Sun Sep 2 15:52:31 CST 2001 # NT hosts to use. Best to put their IP addresses in /etc/hosts. server my_PDC my_BDC my_NTdomain server other_PDC other_BDC otherdomain # Denied and allowed users. Comment these if not needed. #denyusers /usr/local/squid/etc/msntauth.denyusers #allowusers /usr/local/squid/etc/msntauth.allowusers I'm using Debian 8 and Samba 4.1.17. Do anybody have an idea? Regards, Márcio
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
