Well I'm not sure on FC 5 but on FC 4 it does. Try it and get back to me. To configure the /etc/krb5.conf is quite straight forward open the edit the file and you'll see what I mean otherwise if you don't know how let me know and I'll send you copy of my file. Out of interest sake why use NTLM authentication when you can use the squid helper LDAP_group_auth? Janco v.d Merwe Network Administrator Dunns Stores (PTY) Ltd Switchboard: 011 541 3000 Direct: 011 541 3007 Fax: 086 632 1708 -----Original Message----- From: Information Security [mailto:InfoSec@xxxxxxxxxxxxx] Sent: 29 September, 2006 17:52 To: Janco van der Merwe;squid-users@xxxxxxxxxxxxxxx Subject: RE: NTLM authentication insquid I want to configure squid for user based filtering. I had infact tried configuring squid without actually adding this machine onto the domain. But then squid access.log does not show up the usernames (which it does in my RHEL squid setup). Would it solve the purpose of user based filtering in this scenario? If there is a way I can go ahead with it. Kindly guide... Regards, Navin J. -----Original Message----- From: Janco van der Merwe [mailto:jvdmerwe@xxxxxxxxxxx] Sent: Friday, September 29, 2006 8:53 PM To: Information Security; squid-users@xxxxxxxxxxxxxxx Subject: RE: NTLM authentication insquid Why do you want to join the machine to the domain? What we did was to configure /etc/krb5.conf to your Domain specifications and that way you don't have to go through the pain staking effort of joining a Linux machine to a MS Domain. In any case both Linux and Windows are Kerberos compliant. Janco v.d Merwe Network Administrator Dunns Stores (PTY) Ltd Switchboard: 011 541 3000 Direct: 011 541 3007 Fax: 086 632 1708 -----Original Message----- From: Information Security [mailto:InfoSec@xxxxxxxxxxxxx] Sent: 29 September, 2006 16:39 To: squid-users@xxxxxxxxxxxxxxx Subject: NTLM authentication insquid Hello, I am trying to configure NTLM authentication in squid. The squid server would authenticate users with win2K3 ADS. I had previously successfully done this with RHEL4. Currently I am trying on Fedora Core 5, but I am facing a lot of problem this time... the Linux machine simply does not join the domain. Authconfig-tui gives me the following error at the end of it: [2006/09/29 19:50:21, 0] utils/net_ads.c:ads_startup(191) ads_connect: Transport endpoint is not connected [2006/09/29 19:50:21, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641) cli_rpc_pipe_open_schannel: failed to get schannel session key from server MYSERVER.CORP.MYCOMPANY.COM for domain MYDOMAIN. [2006/09/29 19:50:21, 0] utils/net_rpc_join.c:net_rpc_join_ok(61) Error connecting to NETLOGON pipe. Error was NT_STATUS_NO_TRUST_SAM_ACCOUNT Unable to join domain MYDOMAIN. Net join ads -U <AdminUserID> gives me the following error: [2006/09/29 19:52:21, 0] param/loadparm.c:map_parameter(2647) Unknown parameter encountered: "winbind seperator" [2006/09/29 19:52:21, 0] param/loadparm.c:lp_do_parameter(3398) Ignoring unknown parameter "winbind seperator" <AdminUserID>'s password: [2006/09/29 19:52:25, 0] utils/net_ads.c:ads_startup(191) ads_connect: Transport endpoint is not connected Unable to find a suitable server Unable to find a suitable server Can someone help me out? Navin J. Disclaimer: Information transmitted by this e-mail is proprietary to Adventity and/ or its Customers, intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please notify us immediately at postmaster@xxxxxxxxxxxxx and delete this mail from your records. ________________________________________________________________________ ____ This communication and any attachments are confidential and intended for the sole use of the intended recipient. Any form of copying or disclosure of this communication to any third parties without permission is prohibited. The contents of this communication and its attachments are not intended to be relied upon in law without subsequent written confirmation. As such, Dunns Stores (Pty) Ltd accept no responsibility or liability (including negligence) for the consequences of anyone acting, or not acting, on information contained therein. If you have received this communication in error please notify us immediately and destroy or delete it. ________________________________________________________________________ ____ Disclaimer: Information transmitted by this e-mail is proprietary to Adventity and/ or its Customers, intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please notify us immediately at postmaster@xxxxxxxxxxxxx and delete this mail from your records. ____________________________________________________________________________ This communication and any attachments are confidential and intended for the sole use of the intended recipient. Any form of copying or disclosure of this communication to any third parties without permission is prohibited. The contents of this communication and its attachments are not intended to be relied upon in law without subsequent written confirmation. As such, Dunns Stores (Pty) Ltd accept no responsibility or liability (including negligence) for the consequences of anyone acting, or not acting, on information contained therein. If you have received this communication in error please notify us immediately and destroy or delete it. ____________________________________________________________________________