Search squid archive

Squid requiring domain for auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I'm setting up a squid proxy to auth against our 2003 ADS

I have ntlm working so it authenticates both transparently to the user and using domain\username login.

My Problem is getting squid to auth with just the username not requiring the domain\ part.

The docs say I need to have winbind use default domain = yes which I do.

With the option set to yes I get

proxyv4# wbinfo -u | grep test99
test99


without the option I get
proxyv4# wbinfo -u | grep test99
AFCT\test99

What am I missing?  I didn't configure anything for kerberos because of this line in the samba howto

With both MIT and Heimdal Kerberos, it is unnecessary to configure the /etc/krb5.conf, and it may be detrimental.

My system hasn't got a the krb5.conf at all and I wonder if the lack of said file is causing me to have to enter the AFCT\test99 format?

Cheers
Steve

FreeBSD 6.4-RELEASE-p5 AMD64
Squid Cache: Version 3.0.STABLE15
Samba Version 3.3.4
Windows 2003 ADS in what appears for be native mode.

smb.conf

[GLOBAL]
workgroup = AFCT
realm = afct.org.au
Server String = AFC Proxy
security = ads
encrypt passwords = yes
winbind use default domain = yes
wins server = 10.1.1.5


Relevant lines in squid for ntlm

auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux