Is that computer on your windows domain ? Quoting "Franco, Battista" <Battista.Franco@xxxxxxxxxxxxxxxx>: > Hello > I configured squid and samba but (from a client with MS IE 6) when i tried to > connect to internet the pop-up with a request of username and password > appears. > More info below: > > # wbinfo -t > checking the trust secret via RPC calls succeeded > # wbinfo -a mydom\\user%password > plaintext password authentication succeeded > challenge/response password authentication succeeded > # /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic > Mydom+user password > [2006/06/12 14:52:07, 3] utils/ntlm_auth.c:check_plaintext_auth(292) > NT_STATUS_OK: Success (0x0) > OK > # > > ---- > > Smb.conf is: > > .... > netbios name = aa1pxysav00 > realm = ZA.IF.ATCSG.NET > workgroup = ZA > security = ADS > password server = server.mydom.com > encrypt passwords = yes > log level = 3 passdb:5 auth:10 winbind:5 > idmap uid = 10000-20000 > template shell = /bin/false > winbind enum users = yes > winbind uid = 10000-20000 > winbind gid = 10000-20000 > winbind separator = + > winbind use default domain = yes > ... > > ---- > > Squid.conf is: > .... > auth_param ntlm program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-ntlmssp > auth_param ntlm children 30 > auth_param ntlm max_challenge_reuses 0 > auth_param ntlm max_challenge_lifetime 2 minutes # ntlm_auth from Samba 3 > supports NTLM NEGOTIATE packet auth_param ntlm use_ntlm_negotiate on > auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic > auth_param basic children 5 auth_param basic realm Squid proxy-caching web > server auth_param basic credentialsttl 2 hours auth_param basic casesensitive > off .... > acl AuthorizedUsers proxy_auth REQUIRED > http_access allow all AuthorizedUsers > .... > cache_peer proxy.xxx.com parent 8080 0 proxy-only default > > ------ > > Access.log > > 1150117192.969 364 10.239.57.34 TCP_MISS/200 4388 GET > http://www.google.it/ username DEFAULT_PARENT/proxy.xxx.com text/html > 1150117223.316 24100 10.239.57.34 TCP_MISS/503 1384 GET > http://www.google.it/imghp? username NONE/- text/html > > > > Could you help me? > > > > -----Messaggio originale----- > Da: Jakob Curdes [mailto:jc@xxxxxxxxxxxxxxx] > Inviato: venerdì 9 giugno 2006 14.44 > A: Franco, Battista > Cc: squid-users@xxxxxxxxxxxxxxx > Oggetto: Re: AD and Single Sign On > > Franco, Battista schrieb: > > >Hello > > > >I used a squid 2.5 stable 9 on fedora code 4. > > > >My windows domain is an AD 2003. > > > >Is it possibile to configure my squid to work as "single sign on" so > >users will not need to put username and password when accessing to > >internet? > > > >How do i do it? > > > > > > > > > > > See > > http://wiki.squid-cache.org/SquidFaq/ProxyAuthentication > > Hope this helps, > > Jakob Curdes > > Hint for the FAQ admins : the keyword NTLM or AD does not show up anywhere in > the content list, myabe it would be a good idea to shift one of the headlines > a little - this question keeps getting asked again and again. > > Jakob Curdes > > -- Peter Collins Wasenda Network Administrator IT Division, Corporate Services Uganda Revenue Authority P.O. Box 7279, Kampala Tel: (041)334474,334535 Mob: 0752-996477 --------------------------------------------------------------- ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
