> From: Paul Matthews [mailto:paul.matthews@xxxxxxxxxxxxxxxxxxxx] > Subject: NTLM without username/password prompt > > I've setup NTLM authentication on my fedora box a few times before and > it all went off without a problem, seamless authentication, it was > great. But now I'm trying to get it done on a RHEL 4 box and it's not > going so well, I've got samba authenticating against my > Active directory > > [root@rhel4 /]# wbinfo -t > checking the trust secret via RPC calls succeeded > > but when I use my MSIE browser when I'm logged into the domain I get a > username/password prompt. I want it to be able to do it on the > background, any suggestions? > > I've read just about everything there is to read on the net. > > Here is my what I have added to my squid.conf > > auth_param basic children 5 > auth_param basic realm Squid proxy-caching web server > auth_param basic credentialsttl 2 hour > auth_param basic casesensitive off > auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic > auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp > auth_param ntlm children 30 > auth_param ntlm max_challenge_reuses 0 > auth_param ntlm max_challenge_lifetime 2 hour > > > acl ntlm proxy_auth REQUIRED > > http_access allow ntlm > > I don't have one http_access rule and that's to allow the ntlm users > through. > Any suggestions? > Paul, Try reversing the order your auth_param basic and ntlm declarations. While browsers are supposed to pick the strongest authentication method, most seem to latch onto the first one supplied. Regards, David. __ David Gameau ISTS - Systems Infrastructure Group University of South Australia email: David.Gameau@xxxxxxxxxxxx phone: +61 8 302 3533 fax: +61 8 302 5800 Disclaimer: "His brain sometimes stops working." - Chiyo, Azumanga Daioh
