Ok I have been trying various configurations in my squid.conf, I am
sure that I was over complicating the issue. Here is a stripped down
version that I would like to use basic if NTLM fails, but it never
drops down to the basic authentication. I think that I am putting
probably alot more in this than I need to get my point across, but if
I log into a machine locally, an try to get to the Internet it prompts
me, but doesn't seem to have the realm correct or use the basic
authentication, we have multiple domains and when we use auth_param
basic program /opt/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-basic users have to know there domain, and
some of our users aren't that bright:
cache_peer firewall.domain.com parent 8080 0 no-query default
emulate_httpd_log on
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp --require-membership-of={SID of
our Internet Group}
auth_param ntlm children 5
#auth_param basic program /opt/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic program /opt/squid/libexec/squid_ldap_auth -R -b
"DC=domain,DC=com" -D "cn=Squid,OU=Service
Accounts,DC=hdq,DC=domain,DC=com" -w "xxxxxx" -f sAMAccountName=%s -h
directory.hdq.domain.com -p 3268
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl all src 0.0.0.0/0.0.0.0
acl authenticated_users proxy_auth REQUIRED
never_direct allow all
http_access allow authenticated_users
http_access deny all
http_reply_access allow all
icp_access allow all
