Search squid archive

Re: NTLM Authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Fri, 5 Aug 2005, Henrik Nordstrom wrote:

On Wed, 3 Aug 2005, Mike Diggins wrote:

So far, IE users that are logged into the domain authenticate without an authentication prompt (good). Non IE users or users of other web clients are prompted for authentication, which is expected, except now they must type in the domain/username and password (i.e. ap1/myname) instead of just their username. That's a bigger change in behaviour than we would like. Is there a way to make this work or is this normal behaviour?

What Samba version?

It's an older one, 2.2.8 I believe. So if I upgrade to Samba 3.x this should work better? Is this process documented anywhere?


My authentication related configuration:

#Recommended minimum configuration:
auth_param ntlm program /usr/local/squid/libexec/ntlm_auth ap1/as7 ap1/as6

Looks like you are using Samba-2.X. You should be using Samba-3.x and their ntlm_auth helper, not the Samba-2.x helper from Squid.

auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off
auth_param basic program /usr/local/squid/sbin/mac_auth

What helper is this mac_auth helper?

It's this one who deals with basic authentication from no-IE browsers, and it's up to this helper to determine what makes a valid username or not.

Right, I should have mentioned that mac_auth is a little perl wrapper I got from you a couple of years ago. It lets me use smb_auth with two different Windows Servers.

Thanks,

-Mike

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux