Hi,
I'm setting up a squid proxy to auth against our 2003 ADS
I have ntlm working so it authenticates both transparently
to the user and using domain\username login.
My Problem is getting squid to auth with just the username not
requiring the domain\ part.
The docs say I need to have winbind use default domain = yes which I do.
With the option set to yes I get
proxyv4# wbinfo -u | grep test99
test99
without the option I get
proxyv4# wbinfo -u | grep test99
AFCT\test99
What am I missing? I didn't configure anything for kerberos because of this line in the samba howto
With both MIT and Heimdal Kerberos, it is unnecessary to configure the /etc/krb5.conf, and it may be detrimental.
My system hasn't got a the krb5.conf at all and I wonder if the lack of said file is causing me to have to
enter the AFCT\test99 format?
Cheers
Steve
FreeBSD 6.4-RELEASE-p5 AMD64
Squid Cache: Version 3.0.STABLE15
Samba Version 3.3.4
Windows 2003 ADS in what appears for be native mode.
smb.conf
[GLOBAL]
workgroup = AFCT
realm = afct.org.au
Server String = AFC Proxy
security = ads
encrypt passwords = yes
winbind use default domain = yes
wins server = 10.1.1.5
Relevant lines in squid for ntlm
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours