[squid-users] Problem with NTLM authentication

Hi!

I try to use NTLM authentication with MS Internet Explorer as client
and squid as proxy:

IE ---NTLM auth---> squid ---SMB AUTH---> Domain Controller

I got me today squid-3.0-DEVEL-20021223, compiled it as follows

./configure --enable-ntlm-auth-helpers=SMB --enable-auth=ntlm

and then configured:

acl domainusers proxy_auth REQUIRED
http_access allow domainusers
http_access deny all

auth_param ntlm program ntlm_auth mydomain\mycontroller
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

When I start squid in debug mode, everything looks fine:

# /usr/local/squid/sbin/squid -d 9 -sYDN -f /etc/squid.conf
2003/01/15 17:19:02| Starting Squid Cache version 3.0-DEVEL-20021223 for
i686-pc-linux-gnu...
2003/01/15 17:19:02| Process ID 15111
2003/01/15 17:19:02| With 1024 file descriptors available
2003/01/15 17:19:02| DNS Socket created at 0.0.0.0, port 2071, FD 6
2003/01/15 17:19:02| Adding nameserver 212.68.119.1 from /etc/resolv.conf
2003/01/15 17:19:02| helperStatefulOpenServers: Starting 5 'ntlm_auth'
processes
2003/01/15 17:19:02| Unlinkd pipe opened on FD 16
2003/01/15 17:19:02| Swap maxSize 102400 KB, estimated 7876 objects
2003/01/15 17:19:02| Target number of buckets: 393
2003/01/15 17:19:02| Using 8192 Store buckets
2003/01/15 17:19:02| Max Mem size: 16384 KB
2003/01/15 17:19:02| Max Swap size: 102400 KB
2003/01/15 17:19:02| Rebuilding storage in /usr/local/squid/cache (CLEAN)
2003/01/15 17:19:02| Using Least Load store dir selection
2003/01/15 17:19:02| Current Directory is
/usr/src/isg/squid-3.0-DEVEL-20021223
2003/01/15 17:19:02| Loaded Icons.
2003/01/15 17:19:02| Accepting HTTP connections at 0.0.0.0, port 8080, FD
18.
2003/01/15 17:19:02| Accepting ICP messages at 0.0.0.0, port 3130, FD 19.
2003/01/15 17:19:02| WCCP Disabled.
2003/01/15 17:19:02| Ready to serve requests.
2003/01/15 17:19:02| Done reading /usr/local/squid/cache swaplog (16
entries)
2003/01/15 17:19:02| Finished rebuilding storage from disk.
2003/01/15 17:19:02| 16 Entries scanned
2003/01/15 17:19:02| 0 Invalid entries.
2003/01/15 17:19:02| 0 With invalid flags.
2003/01/15 17:19:02| 16 Objects loaded.
2003/01/15 17:19:02| 0 Objects expired.
2003/01/15 17:19:02| 0 Objects cancelled.
2003/01/15 17:19:02| 0 Duplicate URLs purged.
2003/01/15 17:19:02| 0 Swapfile clashes avoided.
2003/01/15 17:19:02| Took 0.0 seconds ( 16.0 objects/sec).
2003/01/15 17:19:02| Beginning Validation Procedure
2003/01/15 17:19:02| Completed Validation Procedure
2003/01/15 17:19:02| Validated 16 Entries
2003/01/15 17:19:02| store_swap_size = 100k
2003/01/15 17:19:03| storeLateRelease: released 0 objects

So far so good, but when I start the Internet Explorer and
open any page, nothing at all happens. There is no entry at
the access.log and no output from squid.
The http request simply timeouts.

(of course it works without authentication when I remove the
 access lists in squid.conf).

Any hints are welcome, thanks!

Kind regards,

Stefan Gasteiger
SG5599-RIPE
I+K Betrieb (zertifiziert nach DIN EN ISO 9001)
InfraServ Gendorf
Tel.: +49 8679 7 5599
Fax: +49 8679 7 39 5599
E-Mail: Stefan.Gasteiger@gendorf.de
Received on Wed Jan 15 2003 - 09:21:39 MST