Thanks, I am going to compile again, but with the parameter '--enable-external-acl-helpers=wbinfo_group' with '--enable-auth=ntlm,basic'

Sincerely,
Leandro Ferrari

2007/12/18, Nick Duda <nduda@xxxxxxxxxxxxxx>:
> Wow lots of options...I can't speak for your external helper but I use '--enable-external-acl-helpers=wbinfo_group' with '--enable-auth=ntlm,basic' and it runs peachy
>
> - Nick
>
> ________________________________
>
> From: Leandro Ferrrari [mailto:talsoft@xxxxxxxxx]
> Sent: Tue 12/18/2007 7:07 AM
> To: Nick Duda
> Cc: Amos Jeffries; squid-users@xxxxxxxxxxxxxxx
> Subject: Re: Squid with auth NTLM
>
> Squid -v:
>
> Squid Cache: Version 3.0.STABLE1
> configure options: '-prefix=/usr/local/squid'
> '-exec-prefix=/usr/local/squid' '-enable-delay-pools'
> '-enable-cache-digests' '-enable-poll' '-disable-ident-lookups'
> '-enable-truncate' '-enable-removal-policies'
> '--enable-follow-x-forwarded-for' '--enable-ssl'
> '--enable-large-cache-file' '--enable-snmp' '--enable-auth=basic,ntlm'
> '--enable-basic-auth-helpers=LDAP,MSNT,multi-domain-NTLM'
> '--enable-digest-auth-helpers=password'
> '--enable-external-acl-helpers=ip_user,ldap_group'
> '--enable-removal-policies=heap,lru' '--enable-x-accelerator-vary'
> '--enable-err-languages=Spanish'
> 'LDFLAGS=-L/usr/local/BerkeleyDB.4.2/lib'
>
> 2007/12/18, Nick Duda <nduda@xxxxxxxxxxxxxx>:
> > What's your "squid -v"
> >
> > ________________________________
> >
> > From: Leandro Ferrrari [mailto:talsoft@xxxxxxxxx]
> > Sent: Tue 12/18/2007 5:43 AM
> > To: Nick Duda
> > Cc: Amos Jeffries; squid-users@xxxxxxxxxxxxxxx
> > Subject: Re: Squid with auth NTLM
> >
> > Hi, yes, the commands wbinfo -g and -u are working perfectly. My configuration is:
> >
> > krb5.conf:
> > ...
> > [libdefaults]
> >     default_realm = NEXTIT.LOCAL
> >     dns_lookup_realm = yes
> >     dns_lookup_kdc = yes
> >
> > [realms]
> >     NEXTIT.LOCAL = {
> >         kdc = vm-ws2003.nextit.local:88
> >         admin_server = vm-ws2003.nextit.local:749
> >         default_domain = NEXTIT
> >     }
> >
> > [domain_realm]
> >     .nextit.local = NEXTIT.LOCAL
> >     nextit.local = NEXTIT.LOCAL
> > ...
> >
> > SMB.conf:
> >
> > [global]
> >     workgroup = NEXTIT
> >     server string = Samba Server
> >     password server = NameOfServer
> >     encrypt passwords = yes
> >     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >     realm = NEXTIT.LOCAL
> >     idmap uid = 10000-20000
> >     idmap gid = 10000-20000
> >     template shell = /bin/false
> >     winbind enum users = yes
> >     winbind enum groups = yes
> >     winbind use default domain = yes
> >     client ntlmv2 auth = yes
> >
> > Server Windows Active Directory is Windows 2003 Server
> > Client Windows is Windows XP
> >
> > Sincerely
> > Leandro Ferrari
> >
> > 2007/12/17, Nick Duda <nduda@xxxxxxxxxxxxxx>:
> > > Have you joined your box to the domain? What is your krb5.conf file? What is your smb.conf file? What is the status of something like wbinfo -g or -u?
> > >
> > > I would troubleshoot your domain connectivity before you worry about squid.
> > >
> > > -----Original Message-----
> > > From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
> > > Sent: Mon 12/17/2007 7:33 PM
> > > To: Leandro Ferrrari
> > > Cc: squid-users@xxxxxxxxxxxxxxx
> > > Subject: Re: Squid with auth NTLM
> > >
> > > > I have configured squid 3.0 with NTLM, and this configuration in
> > > > squid.conf is:
> > > >
> > > > auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> > > > auth_param ntlm children 30
> > > > auth_param ntlm max_challenge_lifetime 2 minutes
> > > >
> > > > auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> > > > auth_param basic children 5
> > > > auth_param basic realm Squid proxy-caching web server
> > > > auth_param basic credentialsttl 2 hours
> > > >
> > > > When I test the ntlm auth in the Explorer client with a user
> > > > authenticated in the Domain Controller Windows 2003, Explorer or
> > > > Firefox shows the popup of the basic auth.
> > > > How do I use the ntlm auth with a user of the domain group without
> > > > basic auth?
> > >
> > > Remove the basic configuration to not use it.
> > > Your NTLM is broken by the sound of it if it's always falling back on basic.
> > > Although the login box does not necessarily mean basic is being used. It
> > > could just be that the browser has no working credentials for the user to
> > > login NTLM with.
> > >
> > > Amos
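
An added example, not part of the thread and not Squid or Samba code: a small Python audit of the `auth_param` lines quoted above, reporting which schemes the proxy offers, whether each `ntlm_auth` helper is started with the protocol matching its scheme, and whether Basic remains as a fallback. The function name `audit_auth` and the sample text are constructed for illustration; the offer order is assumed to follow first appearance in squid.conf.

```python
import os

# Constructed sample: the thread's auth_param lines, helper options unwrapped.
SAMPLE_CONF = """\
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
"""

# Protocol Samba's ntlm_auth has to be started with for each Squid scheme.
EXPECTED_PROTOCOL = {"ntlm": "squid-2.5-ntlmssp", "basic": "squid-2.5-basic"}


def audit_auth(conf_text):
    """Return (schemes in order of first appearance, findings)."""
    schemes, findings = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("--"):
            # A mail-wrapped helper option is not part of the previous line.
            findings.append(f"line {lineno}: orphaned option {line.split()[0]}")
            continue
        fields = line.split()
        if len(fields) < 4 or fields[0] != "auth_param":
            continue
        scheme, param, args = fields[1].lower(), fields[2], fields[3:]
        if scheme not in schemes:
            schemes.append(scheme)
        if param != "program" or os.path.basename(args[0]) != "ntlm_auth":
            continue
        proto = next((a.split("=", 1)[1] for a in args
                      if a.startswith("--helper-protocol=")), None)
        if proto != EXPECTED_PROTOCOL.get(scheme):
            findings.append(f"line {lineno}: {scheme} helper runs with "
                            f"--helper-protocol={proto}")
    if "basic" in schemes and len(schemes) > 1:
        findings.append("basic offered as fallback: a client that cannot do "
                        "NTLM prompts for a password and sends it Base64-encoded")
    return schemes, findings


if __name__ == "__main__":
    print(audit_auth(SAMPLE_CONF))
```
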