Search squid archive

RE: Squid with auth NTLM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Whats your "squid -v"

________________________________

From: Leandro Ferrrari [mailto:talsoft@xxxxxxxxx]
Sent: Tue 12/18/2007 5:43 AM
To: Nick Duda
Cc: Amos Jeffries; squid-users@xxxxxxxxxxxxxxx
Subject: Re:  Squid with auth NTLM



Hi, yes the command wbinfo -g and -u working perfectly. My configuration is:

krb5.conf:
...
[libdefaults]
 default_realm = NEXTIT.LOCAL
 dns_lookup_realm = yes
 dns_lookup_kdc = yes

[realms]
 NEXTIT.LOCAL = {
  kdc = vm-ws2003.nextit.local:88
  admin_server = vm-ws2003.nextit.local:749
  default_domain = NEXTIT
 }

[domain_realm]
 .nextit.local = NEXTIT.LOCAL
 nextit.local = NEXTIT.LOCAL
...

SMB.conf:

[global]
workgroup = NEXTIT
server string = Samba Server
password server = NameOfServer
encrypt passwords = yes
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 realm = NEXTIT.LOCAL
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   template shell = /bin/false
   winbind enum users = yes
   winbind enum groups = yes
   winbind use default domain = yes
   client ntlmv2 auth = yes


Server Windows Active Directory is Windows 2003 Server
Client Windows  is Windows XP

Sincerely
Leandro Ferrari




2007/12/17, Nick Duda <nduda@xxxxxxxxxxxxxx>:
> Have you joined your box to the domain? What is your krb5.conf file? What is your smb.conf file? What is the status of something like wbinfo -g or -u ?
>
> I would troubleshoot your domain connectivity before you worry about squid.
>
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
> Sent: Mon 12/17/2007 7:33 PM
> To: Leandro Ferrrari
> Cc: squid-users@xxxxxxxxxxxxxxx
> Subject: Re:  Squid with auth NTLM
>
> > I have configured squid 3.0 with NTLM, and this configuration in
> > squid.conf is:
> >
> > auth_param ntlm program /usr/local/bin/ntlm_auth
> > --helper-protocol=squid-2.5-ntlmssp
> > auth_param ntlm children 30
> > auth_param ntlm max_challenge_lifetime 2 minutes
> >
> > auth_param basic program /usr/local/bin/ntlm_auth
> > --helper-protocol=squid-2.5-basic
> > auth_param basic children 5
> > auth_param basic realm Squid proxy-caching web server
> > auth_param basic credentialsttl 2 hours
> >
> > When a test the ntlm auth, in the Explorer client with a user
> > authenticate in Domain Controller Windows 2003, the explorer or
> > firefox show popup of the basic auth.
> > How to use the ntlm auth with an user of the domain group without auth
> > basic?
>
> Remove the basic configuration to not use it.
> You NTLM is broken by the sound of it if its always falling back on basic.
> Although the login box does not necessarily mean basic is being used. It
> could just be that the browser has no working credentials for the user to
> login NTLM with.
>
>
> Amos
>
>
>




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux