I am totally confused by this statement?.. as I have 300 people using firefox right now.. using Ubuntu 6.06, Samba3, Squid2.. and not a single one gets a user/pass prompt? I am not using it as a transparent proxy, it is listed in firefox under proxy settings (8080 because it goes to DG first.. but I have tested just Squid at 3128 and it works as well).. and I haven't touched anything else in firefox. ----- Original Message ---- From: Chris Nighswonger <cnighswonger@xxxxxxxxxxxxxxx> To: matlor <bfrobu@xxxxxx> Cc: squid-users@xxxxxxxxxxxxxxx Sent: Wednesday, October 29, 2008 8:48:39 AM Subject: Re: SQUID + FIREFOX + ACTIVE DIRECTORY On Tue, Oct 28, 2008 at 6:18 AM, matlor <bfrobu@xxxxxx> wrote: > > I have configured squid with winbind integrated in the active directory of a > windows 2003 domain. > If I browse internet trough IE 7 everething is ok, no user and password > prompted, because of the common login. While, if I open Firefox (2 or 3 > version), it prompts for user and password. One other note: While FF does support NTLM, it does not do transparent auth as IE does. Hence the prompting for username/password. Furthermore, due to M$ having a broken implementation of NTLM, FF will at times repeatedly prompt ad infinitum. There is an open bug on this at Mozilla, (https://bugzilla.mozilla.org/show_bug.cgi?id=318253) but action on it is understandably slow. You can mess with FF's NTLM related settings under 'about:config' to gain some respite. You can also run a basic auth that authenticates against NTLM which for some reason seems to avoid the multi-prompt issue. Something like: auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 2 auth_param basic realm somerealm auth_param basic credentialsttl 2 hours auth_param basic casesensitive off Regards, Chris
