I was successful in getting LDAP to work, like so: auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=domain,dc=com" -D "cn=Administrator,cn=Users,dc=domain,dc=com" -w "password" -f sAMAccountName=%s -h 0.0.0.0 # real IP here auth_param basic children 5 auth_param basic realm SQUID auth_param basic credentialsttl 5 minutes However, this has a login required. I would like to not have this, which I understand is not part of using NTLM. I saw the following on a website: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid auth_param basic credentialsttl 2 hours I am receiving some errors. I will investigate more, but does this look correct. I did make the changes to http_access and acl, as requested. Thank you for your assistance. Shane -----Original Message----- From: Chris Robertson [mailto:crobertson@xxxxxxx] Sent: Tuesday, November 27, 2007 2:58 PM To: Squid Users Subject: Re: Authenticating with Samba for logging username in Squid access log Leach, Shane - MIS Laptop wrote: > When I added these lines, the connection was blocked. Could it be > that the authentication is not working correctly? I have success when > I attempt all wbinfo commands shown in the link. > > Thank you for your assistance. > > Shane > From your reply to Henrik (http://www.squid-cache.org/mail-archive/squid-users/200711/0636.html), it looks as though you are using a basic authentication helper to authenticate against LDAP. Further, it looks as though you are trying to perform this query over a non-encrypted channel, which some LDAP servers deny by default. Configuration examples are available for LDAP auth (http://wiki.squid-cache.org/ConfigExamples/SquidAndLDAP) and NTLM (since you have wbinfo working, start at http://wiki.squid-cache.org/ConfigExamples/WindowsAuthenticationNTLM#hea d-ce4db5f4eeb74d1c009e686ce23d633c87300abd). Hope that helps... Chris
