Search squid archive

Re: Squid with auth NTLM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thank, I am going to compile again, but this parameter
--enable-external-acl-helpers=wbinfo_group' with
'--enable-auth=ntlm,basic'

Sincerely,
Leandro Ferrari

2007/12/18, Nick Duda <nduda@xxxxxxxxxxxxxx>:
> Wow lots of options...I cant speak for your external helper but i use '--enable-external-acl-helpers=wbinfo_group' with '--enable-auth=ntlm,basic' and it runs peachy
>
> - Nick
>
> ________________________________
>
> From: Leandro Ferrrari [mailto:talsoft@xxxxxxxxx]
> Sent: Tue 12/18/2007 7:07 AM
> To: Nick Duda
> Cc: Amos Jeffries; squid-users@xxxxxxxxxxxxxxx
> Subject: Re:  Squid with auth NTLM
>
>
>
> Squid -v:
>
> Squid Cache: Version 3.0.STABLE1
> configure options:  '-prefix=/usr/local/squid'
> '-exec-prefix=/usr/local/squid' '-enable-delay-pools'
> '-enable-cache-digests' '-enable-poll' '-disable-ident-lookups'
> '-enable-truncate' '-enable-removal-policies'
> '--enable-follow-x-forwarded-for' '--enable-ssl'
> '--enable-large-cache-file' '--enable-snmp' '--enable-auth=basic,ntlm'
> '--enable-basic-auth-helpers=LDAP,MSNT,multi-domain-NTLM'
> '--enable-digest-auth-helpers=password'
> '--enable-external-acl-helpers=ip_user,ldap_group'
> '--enable-removal-policies=heap,lru' '--enable-x-accelerator-vary'
> '--enable-err-languages=Spanish'
> 'LDFLAGS=-L/usr/local/BerkeleyDB.4.2/lib'
>
> 2007/12/18, Nick Duda <nduda@xxxxxxxxxxxxxx>:
> > Whats your "squid -v"
> >
> > ________________________________
> >
> > From: Leandro Ferrrari [mailto:talsoft@xxxxxxxxx]
> > Sent: Tue 12/18/2007 5:43 AM
> > To: Nick Duda
> > Cc: Amos Jeffries; squid-users@xxxxxxxxxxxxxxx
> > Subject: Re:  Squid with auth NTLM
> >
> >
> >
> > Hi, yes the command wbinfo -g and -u working perfectly. My configuration is:
> >
> > krb5.conf:
> > ...
> > [libdefaults]
> >  default_realm = NEXTIT.LOCAL
> >  dns_lookup_realm = yes
> >  dns_lookup_kdc = yes
> >
> > [realms]
> >  NEXTIT.LOCAL = {
> >   kdc = vm-ws2003.nextit.local:88
> >   admin_server = vm-ws2003.nextit.local:749
> >   default_domain = NEXTIT
> >  }
> >
> > [domain_realm]
> >  .nextit.local = NEXTIT.LOCAL
> >  nextit.local = NEXTIT.LOCAL
> > ...
> >
> > SMB.conf:
> >
> > [global]
> > workgroup = NEXTIT
> > server string = Samba Server
> > password server = NameOfServer
> > encrypt passwords = yes
> >  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >  realm = NEXTIT.LOCAL
> >    idmap uid = 10000-20000
> >    idmap gid = 10000-20000
> >    template shell = /bin/false
> >    winbind enum users = yes
> >    winbind enum groups = yes
> >    winbind use default domain = yes
> >    client ntlmv2 auth = yes
> >
> >
> > Server Windows Active Directory is Windows 2003 Server
> > Client Windows  is Windows XP
> >
> > Sincerely
> > Leandro Ferrari
> >
> >
> >
> >
> > 2007/12/17, Nick Duda <nduda@xxxxxxxxxxxxxx>:
> > > Have you joined your box to the domain? What is your krb5.conf file? What is your smb.conf file? What is the status of something like wbinfo -g or -u ?
> > >
> > > I would troubleshoot your domain connectivity before you worry about squid.
> > >
> > >
> > > -----Original Message-----
> > > From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
> > > Sent: Mon 12/17/2007 7:33 PM
> > > To: Leandro Ferrrari
> > > Cc: squid-users@xxxxxxxxxxxxxxx
> > > Subject: Re:  Squid with auth NTLM
> > >
> > > > I have configured squid 3.0 with NTLM, and this configuration in
> > > > squid.conf is:
> > > >
> > > > auth_param ntlm program /usr/local/bin/ntlm_auth
> > > > --helper-protocol=squid-2.5-ntlmssp
> > > > auth_param ntlm children 30
> > > > auth_param ntlm max_challenge_lifetime 2 minutes
> > > >
> > > > auth_param basic program /usr/local/bin/ntlm_auth
> > > > --helper-protocol=squid-2.5-basic
> > > > auth_param basic children 5
> > > > auth_param basic realm Squid proxy-caching web server
> > > > auth_param basic credentialsttl 2 hours
> > > >
> > > > When a test the ntlm auth, in the Explorer client with a user
> > > > authenticate in Domain Controller Windows 2003, the explorer or
> > > > firefox show popup of the basic auth.
> > > > How to use the ntlm auth with an user of the domain group without auth
> > > > basic?
> > >
> > > Remove the basic configuration to not use it.
> > > You NTLM is broken by the sound of it if its always falling back on basic.
> > > Although the login box does not necessarily mean basic is being used. It
> > > could just be that the browser has no working credentials for the user to
> > > login NTLM with.
> > >
> > >
> > > Amos
> > >
> > >
> > >
> >
> >
> >
>
>
>

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux