What's your "squid -v"?

________________________________

From: Leandro Ferrrari [mailto:talsoft@xxxxxxxxx]
Sent: Tue 12/18/2007 5:43 AM
To: Nick Duda
Cc: Amos Jeffries; squid-users@xxxxxxxxxxxxxxx
Subject: Re: Squid with auth NTLM

Hi, yes, the commands wbinfo -g and -u are working perfectly.

My configuration is:

krb5.conf:
...
[libdefaults]
    default_realm = NEXTIT.LOCAL
    dns_lookup_realm = yes
    dns_lookup_kdc = yes

[realms]
    NEXTIT.LOCAL = {
        kdc = vm-ws2003.nextit.local:88
        admin_server = vm-ws2003.nextit.local:749
        default_domain = NEXTIT
    }

[domain_realm]
    .nextit.local = NEXTIT.LOCAL
    nextit.local = NEXTIT.LOCAL
...

SMB.conf:
[global]
    workgroup = NEXTIT
    server string = Samba Server
    password server = NameOfServer
    encrypt passwords = yes
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    realm = NEXTIT.LOCAL
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template shell = /bin/false
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    client ntlmv2 auth = yes

Server Windows Active Directory is Windows 2003 Server
Client Windows is Windows XP

Sincerely
Leandro Ferrari

2007/12/17, Nick Duda <nduda@xxxxxxxxxxxxxx>:
> Have you joined your box to the domain? What is your krb5.conf file? What is your smb.conf file? What is the status of something like wbinfo -g or -u ?
>
> I would troubleshoot your domain connectivity before you worry about squid.
>
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
> Sent: Mon 12/17/2007 7:33 PM
> To: Leandro Ferrrari
> Cc: squid-users@xxxxxxxxxxxxxxx
> Subject: Re: Squid with auth NTLM
>
> > I have configured squid 3.0 with NTLM, and this configuration in
> > squid.conf is:
> >
> > auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> > auth_param ntlm children 30
> > auth_param ntlm max_challenge_lifetime 2 minutes
> >
> > auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> > auth_param basic children 5
> > auth_param basic realm Squid proxy-caching web server
> > auth_param basic credentialsttl 2 hours
> >
> > When I test the NTLM auth in the Explorer client with a user
> > authenticated in the Domain Controller Windows 2003, Explorer or
> > Firefox shows the popup of the basic auth.
> > How to use the NTLM auth with a user of the domain group without auth
> > basic?
>
> Remove the basic configuration to not use it.
> Your NTLM is broken by the sound of it if it's always falling back on basic.
> Although the login box does not necessarily mean basic is being used. It
> could just be that the browser has no working credentials for the user to
> login NTLM with.
>
>
> Amos
>
>
>
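
Added example, not part of the thread and not Squid or Samba project code: a small audit of the auth_param lines discussed above that lists the schemes configured in order of first appearance, checks each ntlm_auth helper protocol against its scheme, and flags Basic configured alongside NTLM. The function names and the sample config (constructed from the directives quoted in the thread) are assumptions for illustration.

```python
# Helper protocol ntlm_auth must speak for each Squid auth scheme
# (both values appear in the configuration quoted in the thread).
EXPECTED_PROTOCOL = {"ntlm": "squid-2.5-ntlmssp", "basic": "squid-2.5-basic"}

# Constructed sample: the directives from the thread, one per line.
SAMPLE_CONF = """\
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
"""

def parse_auth_params(conf_text):
    """Return {scheme: {option: [args]}}, schemes in order of first appearance."""
    schemes = {}
    for raw in conf_text.splitlines():
        parts = raw.split()
        if len(parts) < 3 or parts[0] != "auth_param":
            continue  # comments, blank lines and other directives
        scheme, option, args = parts[1].lower(), parts[2], parts[3:]
        schemes.setdefault(scheme, {})[option] = args
    return schemes

def audit(conf_text):
    """Return (schemes_in_config_order, list_of_findings)."""
    schemes = parse_auth_params(conf_text)
    findings = []
    for scheme, opts in schemes.items():
        program = opts.get("program")
        if not program:
            findings.append(f"{scheme}: no helper program configured")
            continue
        proto = next((a.split("=", 1)[1] for a in program
                      if a.startswith("--helper-protocol=")), None)
        want = EXPECTED_PROTOCOL.get(scheme)
        if "ntlm_auth" in program[0] and want and proto != want:
            findings.append(f"{scheme}: helper protocol {proto!r}, expected {want!r}")
    if "basic" in schemes and "ntlm" in schemes:
        findings.append("basic: offered as fallback next to ntlm; "
                        "Basic credentials cross the wire base64-encoded, not encrypted")
    return list(schemes), findings

if __name__ == "__main__":
    offered, findings = audit(SAMPLE_CONF)
    print("schemes configured, in order:", offered)
    for f in findings:
        print("finding:", f)
```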