I am actually flabbergasted at all the people saying this doesn't work. I haven't tried Squid 3 yet.. so I can't comment on it. The squid that comes with Ubuntu (6.06) is squid 2.5 (I think) the one with 8.04 is squid 2.6 (again, just going from what I remember.. I am not at that client today). I never compiled anything (just apt-get install squid).. and I never set anything in FF about:config (although I would like to try that one) When I am at this client on my linux desktop, I have to put my credentials into FF, but when I am on a pc that is joined to the domain, I just open FF and go about my business. As a matter of fact, I block a bunch of extensions.. and sometimes I would forget I was going through it, until I tried to download something. I would go into firefox, change the proxy setting, get the file, then put the proxy setting back. THEN I would have to authenticate.. unless I shut the browser down after changing the proxy back. I am by no means an expert, but I have set 10 or so customers up the exact same way over the last 2 or 3 years.. I know it is catching them, because it blocks files and I use SARG to report their activities.. But now I am spooked (I just moved this customer into a new building.. and it is all W2k8 servers), so I am installing FF onto my new servers over there and pointing FF at our new proxy. Just to make sure.. ----- Original Message ---- From: matlor <bfrobu@xxxxxx> To: squid-users@xxxxxxxxxxxxxxx Sent: Thursday, October 30, 2008 9:15:55 AM Subject: Re: SQUID + FIREFOX + ACTIVE DIRECTORY I have tried your configuration... but I have the same problem. squid version is 3.0.5 in attachment there is one of my tested squid.conf. only IE7 is working properly thanks in advance.... nairb rotsak wrote: > > Always forget to hit the 'reply to all' instead of the 'reply'.. sorry.. > below is what I sent Chris: > > Below is for w2k3 AD and Ubuntu 6.06.1: > > auth_param ntlm program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-ntlmssp > auth_param ntlm children 15 > auth_param ntlm max_challenge_reuses 0 > auth_param ntlm max_challenge_lifetime 2 minutes > #auth_param ntlm use_ntlm_negotiate off > auth_param basic program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-basic > auth_param basic children 5 > auth_param basic realm Squid proxy-caching web server > auth_param basic credentialsttl 2 hours > auth_param basic casesensitive off > acl NTLMUsers proxy_auth REQUIRED > acl our_networks src 192.168.0.0/16 > http_access allow all NTLMUsers > http_access allow our_networks > > Here is our current setup (w2k8 and Ubuntu 8.04.1): > > auth_param ntlm program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-ntlmssp > auth_param ntlm children 15 > auth_param ntlm keep_alive on > acl our_networks src 192.168.0.0/16 > acl NTLMUsers proxy_auth REQUIRED > external_acl_type ntgroup %LOGIN /usr/lib/squid/wbinfo_group.pl > acl NOINTERNET external ntgroup no-internet > http_access deny NOINTERNET > http_access allow all NTLMUsers > http_access allow our_networks > http_access allow localhost > > > We > have a group policy do the IE browser, but with Firefox, we have to set > it manually. Once it is set, there is no prompt... I use SARG to get > the results.. Been doing it for almost three years.. I would get > evangelical on people using iPrism/Barracuda/Websense.. but now I > figure I will just let them spend the money.. ;-) > > > ----- Original Message ---- > From: Chris Nighswonger <cnighswonger@xxxxxxxxxxxxxxx> > To: nairb rotsak <ipguru99@xxxxxxxxx> > Cc: matlor <bfrobu@xxxxxx>; squid-users@xxxxxxxxxxxxxxx > Sent: Wednesday, October 29, 2008 9:31:32 AM > Subject: Re: SQUID + FIREFOX + ACTIVE DIRECTORY > > On Wed, Oct 29, 2008 at 10:23 AM, nairb rotsak <ipguru99@xxxxxxxxx> wrote: >> I am totally confused by this statement?.. as I have 300 people using >> firefox right now.. using Ubuntu 6.06, Samba3, Squid2.. and not a single >> one gets a user/pass prompt? I am not using it as a transparent proxy, >> it is listed in firefox under proxy settings (8080 because it goes to DG >> first.. but I have tested just Squid at 3128 and it works as well).. and >> I haven't touched anything else in firefox > > > I'd be very interested in knowing what is different about your setup. > I have fought this problem for several years now. > > >> >> >> >> ----- Original Message ---- >> From: Chris Nighswonger <cnighswonger@xxxxxxxxxxxxxxx> >> To: matlor <bfrobu@xxxxxx> >> Cc: squid-users@xxxxxxxxxxxxxxx >> Sent: Wednesday, October 29, 2008 8:48:39 AM >> Subject: Re: SQUID + FIREFOX + ACTIVE DIRECTORY >> >> On Tue, Oct 28, 2008 at 6:18 AM, matlor <bfrobu@xxxxxx> wrote: >>> >>> I have configured squid with winbind integrated in the active directory >>> of a >>> windows 2003 domain. >>> If I browse internet trough IE 7 everething is ok, no user and password >>> prompted, because of the common login. While, if I open Firefox (2 or 3 >>> version), it prompts for user and password. >> >> One other note: While FF does support NTLM, it does not do transparent >> auth as IE does. Hence the prompting for username/password. >> Furthermore, due to M$ having a broken implementation of NTLM, FF will >> at times repeatedly prompt ad infinitum. There is an open bug on this >> at Mozilla, (https://bugzilla.mozilla.org/show_bug.cgi?id=318253) but >> action on it is understandably slow. You can mess with FF's NTLM >> related settings under 'about:config' to gain some respite. You can >> also run a basic auth that authenticates against NTLM which for some >> reason seems to avoid the multi-prompt issue. Something like: >> >> auth_param basic program /usr/bin/ntlm_auth >> --helper-protocol=squid-2.5-basic >> auth_param basic children 2 >> auth_param basic realm somerealm >> auth_param basic credentialsttl 2 hours >> auth_param basic casesensitive off >> >> Regards, >> Chris >> >> >> >> >> > > > > > > http://www.nabble.com/file/p20247889/squid.conf squid.conf -- View this message in context: http://www.nabble.com/SQUID-%2B-FIREFOX-%2B-ACTIVE-DIRECTORY-tp20204501p20247889.html Sent from the Squid - Users mailing list archive at Nabble.com.