How to Install and configure Dansguardian with NTLM auth - squid problem

Discussion in 'HOWTO-Related Questions' started by propercc, May 15, 2008.

  1. propercc

    propercc New Member

    I follow the instructions here.

    I have successfully:

    Configure Kerberos.
    Configure Dansguardian.
    Webmin.
    Samba.
    Winbind.
    Join the domain.
    I can query the domain users and groups fine.

    Problems:

    #1

    The step below is giving me problems. I do not have etc/init.d/winbind-ch.sh in installalation of Debian Etch. There is a winbind file in that directory but no winbind-ch.sh.

    Code:
    Squid needs access to /var/run/samba/winbindd_privileged
    We can easly fix this but the permissions will change when we reboot
    So Jesse Waters on ubuntuforums.org posted a script that will set the permissions on every system boot.
    
    Edit /etc/init.d/winbind-ch.sh and paste the following into it.
    
    #!/bin/sh
    #set -x
    WINBINDD_PRIVILEGED=/var/run/samba/winbindd_privileged
    chmodgrp() {
    chgrp proxy $WINBINDD_PRIVILEGED || return 1
    chmod g+w $WINBINDD_PRIVILEGED || return 1
    }
    case "$1" in
    start)
    chmodgrp
    ;;
    restart|reload|force-reload)
    echo "Error: argument '$1' not supported" >&2
    exit 3
    ;;
    stop)
    ;;
    *)
    echo "Usage: $0 start|stop" >&2
    exit 3
    ;;
    esac
    #EOF
    
    update-rc.d winbind-ch.sh start 21 2 3 4 5 .
    
    #2

    I followed and completed every step under configure the Squid Proxy Server however I am left with this error upon trying to restart squid:

    Failed to reconfigure squid :
    2008/05/14 22:22:05| Invalid Proxy Auth ACL 'acl ntlm_auth proxy_auth REQUIRED' because no authentication schemes are fully configured.
    FATAL: Bungled squid.conf line 1458: acl ntlm_auth proxy_auth REQUIRED
    Squid Cache (Version 2.6.STABLE5): Terminated abnormally.



    Any ideas?
     
  2. falko

    falko Super Moderator

    You can search for winbind-ch.sh like this:
    Code:
    updatedb
    locate winbind-ch.sh
     
  3. propercc

    propercc New Member

    Yup, tried that already. I get no response. Not even a scrolling list of file names. No output, error, nothing.
     
  4. falko

    falko Super Moderator

    That means the file does not exist. Have you tried to contact the author of the tutorial?
     
  5. Michele A.

    Michele A. New Member

    I've solved this issue by moving the following lines

    auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
    auth_param ntlm children 5
    auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
    auth_param basic children 5
    auth_param basic credentialsttl 2 hour
    auth_param basic realm Domain Proxy Server

    before the auth acl:

    acl apache rep_header Server ^Apache
    acl ntlm_auth proxy_auth REQUIRED

    Tell me if works also for you.
     
  6. xenonex

    xenonex New Member

    Thanks Michele A.

    Your resolution (Putting the auth_param configurations above the acl) fixed my problem as well.
     

Share This Page