How to Install and configure Dansguardian with NTLM auth - squid problem

[propercc]

I follow the instructions here.

I have successfully:

Configure Kerberos.
Configure Dansguardian.
Webmin.
Samba.
Winbind.
Join the domain.
I can query the domain users and groups fine.

Problems:

#1

The step below is giving me problems. I do not have etc/init.d/winbind-ch.sh in installalation of Debian Etch. There is a winbind file in that directory but no winbind-ch.sh.

Code:

Squid needs access to /var/run/samba/winbindd_privileged
We can easly fix this but the permissions will change when we reboot
So Jesse Waters on ubuntuforums.org posted a script that will set the permissions on every system boot.

Edit /etc/init.d/winbind-ch.sh and paste the following into it.

#!/bin/sh
#set -x
WINBINDD_PRIVILEGED=/var/run/samba/winbindd_privileged
chmodgrp() {
chgrp proxy $WINBINDD_PRIVILEGED || return 1
chmod g+w $WINBINDD_PRIVILEGED || return 1
}
case "$1" in
start)
chmodgrp
;;
restart|reload|force-reload)
echo "Error: argument '$1' not supported" >&2
exit 3
;;
stop)
;;
*)
echo "Usage: $0 start|stop" >&2
exit 3
;;
esac
#EOF

update-rc.d winbind-ch.sh start 21 2 3 4 5 .

#2

I followed and completed every step under configure the Squid Proxy Server however I am left with this error upon trying to restart squid:

Failed to reconfigure squid :
2008/05/14 22:22:05| Invalid Proxy Auth ACL 'acl ntlm_auth proxy_auth REQUIRED' because no authentication schemes are fully configured.
FATAL: Bungled squid.conf line 1458: acl ntlm_auth proxy_auth REQUIRED
Squid Cache (Version 2.6.STABLE5): Terminated abnormally.



Any ideas?

[falko]

You can search for winbind-ch.sh like this:

Code:

updatedb
locate winbind-ch.sh

[propercc]

Yup, tried that already. I get no response. Not even a scrolling list of file names. No output, error, nothing.

[falko]

That means the file does not exist. Have you tried to contact the author of the tutorial?

[Michele A.]

Quote:

Originally Posted by propercc

I follow the instructions
Failed to reconfigure squid :
2008/05/14 22:22:05| Invalid Proxy Auth ACL 'acl ntlm_auth proxy_auth REQUIRED' because no authentication schemes are fully configured.
FATAL: Bungled squid.conf line 1458: acl ntlm_auth proxy_auth REQUIRED
Squid Cache (Version 2.6.STABLE5): Terminated abnormally.

I've solved this issue by moving the following lines

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic credentialsttl 2 hour
auth_param basic realm Domain Proxy Server

before the auth acl:

acl apache rep_header Server ^Apache
acl ntlm_auth proxy_auth REQUIRED

Tell me if works also for you.

[xenonex]

Your resolution (Putting the auth_param configurations above the acl) fixed my problem as well.