On Sun, 11 Dec 2005, Serassio Guido wrote:
Hi,
At 23.44 10/12/2005, Mike Diggins wrote:
I'm running Squid V2.5Stable10 and Samba 3.0.14a using NTLM authentication
and configured according to the FAQ (Winbind).
So, I assume here that you are using Samba's ntlm_auth.
Yes.
All is working great except the PDC Admin has told me that all my
authentications are occurring against only one of the two domain
controllers. So, my question is likely to do with Samba, but does anyone
know the correct config to make that happen? My current smb.conf looks like
this:
[global]
workgroup = AP1
winbind uid = 10000-20000
winbind gid = 10000-20000
encrypt passwords = yes
security=domain
What kind of domain ? NT 4 or Active Directory ?
If Active Directory you should use "security=ads"
Active Directory. So I guess I should change the security parameter to
ads?
password server = as6.ad.McMaster.CA, as7.ad.mcmaster.ca
This should never be needed: usually Samba finds the right DC by itself.
Okay, so I can remove this line completely?
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
preferred master = False
local master = No
domain master = False
log file = /var/log/samba.log
Note: the domain is called AP1, the two domain controllers are as6 and as7.
I'm told that all my authentications are going to as6 but switching the
order doesn't seem to help. I'd like them both to be used as well as
provide redundancy should one fail.
Any advice would be appreciated.
Are you using "auth_param ntlm use_ntlm_negotiate on" in squid.conf?
Enabling NTLM Negotiate changes the way the authentication process works.
No, I don't have that line in my squid config. Are you saying I should
have it? What does it do?
From my Squid.conf:
#
auth_param ntlm program /usr/local/squid/sbin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 25
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
#
auth_param basic program /usr/local/squid/sbin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 1 hours
Thanks for your help.
-Mike
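
The two smb.conf points raised in the thread (security=ads for Active Directory, no pinned "password server" list) as a small config check. This is an added example, not code from either poster or from the Samba or Squid projects. The function names and the REVISED sample with its placeholder realm are assumptions; the realm check reflects Samba's requirement that security=ads be paired with a realm setting.

```python
# Added example: audit an smb.conf [global] section against the thread's advice.
POSTED = """\
[global]
workgroup = AP1
security=domain
password server = as6.ad.McMaster.CA, as7.ad.mcmaster.ca
winbind use default domain = yes
"""  # excerpt of the smb.conf quoted in the thread

REVISED = """\
[global]
workgroup = AP1
security = ads
realm = REALM.EXAMPLE
winbind use default domain = yes
"""  # constructed: the realm value is a placeholder, not from the thread


def parse_global(text):
    """Return [global] parameters as {name: value}; names lose case and spaces."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = value.strip()
    return params


def audit(text):
    """Return findings for a winbind member of an Active Directory domain."""
    p = parse_global(text)
    findings = []
    security = p.get("security", "").lower()
    if security != "ads":
        findings.append("security=%s, thread advice for AD is security=ads" % (security or "unset"))
    elif "realm" not in p:
        findings.append("security=ads set without a realm parameter")
    pinned = [s for s in p.get("passwordserver", "").replace(",", " ").split() if s != "*"]
    if pinned:
        findings.append("password server pins %s; thread advice is to drop the line" % ", ".join(pinned))
    return findings


if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("revised", REVISED)):
        print(label, audit(conf) or "no findings")
```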