Re: Squid, Windows clients, RFC931, oh my.



On Wed, 2002-06-05 at 14:34, Peter Whysall wrote:
> Here's the scenario.
> 
> I have a Woody box running the Squid web proxy server, with the 
> oh-so-nifty Squidalyser log analyser doohickey and it's working fine, 
> serving Windows clients. The Boss is pleased.
> 
> However there's a small fly in the ointment. Squid can look up RFC931 
> idents from clients. Squid can, with the aid of the smb_auth module 
> (which is included in the Debian package) authenticate against a Windows 
> PDC.
> 
> I really really want to tie these two together. I want Squid to do Samba 
> magic to get the username - or at a stretch, the NetBIOS name of the 
> client box - and stuff it in the logs.
> 
> I know there is a freeware ident server for Windows, and I know it works.
> 
> What I'm trying to avoid is installing something on the thick end of 200 
> boxes just to get a username out.
> 
> I've Googled. I've read the RFC. I'm all searched out. I can't find 
> anything about this - but I have a sneaking suspicion that someone, out 
> there, has already met this problem and has dealt with it with more 
> fortitude than I.
> 

What you want is NTLM authentication. Unfortunately the current stable
version of squid does not have support for it. 

I have built a squid 2.5pre5 .deb (binary) package with NTLM support that
has been the proxy for ~150 users in my company for a few months now. 

If you want, I can send it to you, or you can compile from source
yourself. There are a few caveats like making sure to set the correct
location for nmbclient in the SMB auth helpers makefile. These are the
config options I use:
--prefix=/usr --datadir=/usr/lib/squid --libexecdir=/usr/lib/squid
--mandir=/usr/share/man --infodir=/usr/share/man --sysconfdir=/etc/squid
'--enable-auth=ntlm basic' '--enable-basic-auth-helpers=SMB PAM MSNT'
'--enable-ntlm-auth-helpers=NTLMSSP fakeauth no_check'

I also have a shell script that pulls down the members of my NT domain
groups once an hour and dumps the user names into a usable-by-squid text
file if you care to look at it.

Hope that helps,

-Mark
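
Added example (not part of the original message, and not Squid or Squidalyser code): a check of whether user names are actually reaching the proxy log once authentication is switched on. It assumes Squid's native access.log layout with the user name in the eighth field and NTLM names logged as DOMAIN\user; the log lines, domain, users and addresses are constructed.

```python
from collections import Counter

# Constructed sample in Squid's native access.log layout (an assumption):
# time elapsed client action/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = r"""
1023287640.101     12 192.168.1.20 TCP_DENIED/407 1690 GET http://www.debian.org/ - NONE/- text/html
1023287640.230     15 192.168.1.20 TCP_DENIED/407 1912 GET http://www.debian.org/ - NONE/- text/html
1023287640.544    310 192.168.1.20 TCP_MISS/200 8123 GET http://www.debian.org/ EXAMPLEDOM\alice DIRECT/192.0.2.10 text/html
1023287641.002      4 192.168.1.20 TCP_HIT/200 2048 GET http://www.debian.org/logo.png EXAMPLEDOM\ALICE NONE/- image/png
1023287655.870    220 192.168.1.21 TCP_MISS/200 5120 GET http://lists.debian.org/ EXAMPLEDOM\bob DIRECT/192.0.2.11 text/html
1023287660.310    198 192.168.1.30 TCP_MISS/200 4096 GET http://www.debian.org/ - DIRECT/192.0.2.10 text/html
truncated line without enough fields
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it is malformed."""
    fields = line.split()
    if len(fields) < 10 or not fields[4].isdigit():
        return None
    action, _, status = fields[3].partition("/")
    return {"client": fields[2], "action": action, "status": status,
            "bytes": int(fields[4]), "user": fields[7]}

def audit(log_text):
    """Count requests per user and list clients served without a user name."""
    per_user = Counter()
    unauthenticated = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["status"] == "407":
            # Challenge steps of the auth handshake carry no user yet;
            # counting them would flag every authenticated client.
            continue
        if rec["user"] == "-":
            unauthenticated[rec["client"]] += 1
        else:
            # Keep only the user part of DOMAIN\user and fold case so
            # "alice" and "ALICE" are reported as one account.
            per_user[rec["user"].rsplit("\\", 1)[-1].lower()] += 1
    return dict(per_user), dict(unauthenticated)

if __name__ == "__main__":
    users, unauth = audit(SAMPLE_LOG)
    print("requests per user:", users)
    print("clients served without a user name:", unauth)
```

A client that shows up in the second result was served by an access rule that matched before the authentication requirement, so its requests stay anonymous in the log.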

