Re: [SQU] Setting up NTLM as a domain authenticator transparently?

----- Original Message -----
From: <Adam.Shields@psg-pinkerton.com>
To: <csfels@swbell.net>
Cc: <squid-users@ircache.net>
Sent: Tuesday, February 27, 2001 6:39 AM
Subject: RE: [SQU] Setting up NTLM as a domain authenticator
transparently?

> You've been very helpful so far, wondering if you could explain a
little
> furthur,
>
> 1. Does samba need to be installed to communicate with the domain
> controller?

No. A version of the samba library is statically linked into the
ntlm_auth helper.

> 2. What should the acl line look like to verify aguinst a group in the
> domain?

You can't do this yet. Contributions of any sort to help it happen would
be appreciated.

> 3. Does the old authenticate_program_ntlm still apply or should we be
using
> the auth_param ntlm /usr/local/bin/ntlm_auth domainname/IPofDomain?

auth_param ntlm program /usr/local/squid/bin/ntlm_auth parameters
run "ntlm_auth" to get instructions.

> 4. is theire anything we're missing here on our end?

You might want to check http://squid.sourceforge.net/ntlm
NOTE: We recommend you use the squid 2.5 snapshots for NTLM support.

Rob

> Your help s greatly appreiceated in defeating that which is MS Proxy
2.0
>
>
> -----Original Message-----
> From: Craig Fels [mailto:csfels@swbell.net]
> Sent: Monday, February 26, 2001 1:24 PM
> To: Adam Shields - PSG; squid-users@ircache.net
> Subject: Re: [SQU] Setting up NTLM as a domain authenticator
> transparently?
>
>
> The helper you are looking for is NTLMSSP. You specify the
> domain\domaincontroller on the ntlm program line of squid.conf
>
> Make sure you are using IE4 or later for NTLM support. I had the
problem
> you mentioned (popup for password) on IE5.01 with squid 2.4 with the
NTLM
> patch. The 2.5 head snapshot from 2/20/2001 fixed that problem.
>
> Craig
>
> ----- Original Message -----
> From: <Adam.Shields@psg-pinkerton.com>
> To: <squid-users@ircache.net>
> Sent: Monday, February 26, 2001 11:23 AM
> Subject: [SQU] Setting up NTLM as a domain authenticator
transparently?
>
>
> > I got the cache up and running, it's beautiful, what's on my mind
now, is
> > weather or not squid can act as a truly transparent NTLM
authenticator, we
> > got it working in the past to do NTLM auth, but it popped up a
username
> and
> > password box, is there a helper out there that will take the hash
and
> verify
> > it against the domain controller? If so, what is it and how do I go
about
> > setting it up?
> >
> > Thanks in advance for any help.
> > Adam Shields
> >
> > --
> > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
> >
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html