Re: [SQU] Setting up NTLM as a domain authenticator transparently ? from Craig Fels on 2001-02-27 (squid-users)

From: Craig Fels <csfels@dont-contact.us>
Date: Tue, 27 Feb 2001 08:21:29 -0600

Adam,

The syntax is:
auth_param ntlm program /usr/local/squid/bin/ntlm_auth
domain\domaincontrollername (NOT IP ADDRESS)

check cache.log to see if NTLM's are working.

Craig

----- Original Message -----
From: <Adam.Shields@psg-pinkerton.com>
To: <csfels@swbell.net>
Sent: Tuesday, February 27, 2001 7:21 AM
Subject: RE: [SQU] Setting up NTLM as a domain authenticator transparently ?

> The proxy_auth domain\userid seems to work, but I'm wondering if it's even
> doing the ntlm lookup.. when squid starts it loads 5 ntlm helpers, the
only
> thing that concerns me about the config, is that is I enter
> domain/domain+conrtoler... which would be xxx1/xxx1(thentheIPofthePDChere)
> unless adding the host to the hosts file would alleiveate this problem I'm
> not sure what would, I'm just not getting how to validate / authenticate
> aginst a PDC looking for a specific group of users.
>
> -----Original Message-----
> From: Craig Fels [mailto:csfels@swbell.net]
> Sent: Monday, February 26, 2001 4:11 PM
> To: Adam Shields - PSG
> Cc: squid-users@ircache.net
> Subject: Re: [SQU] Setting up NTLM as a domain authenticator
> transparently ?
>
>
>
> > You've been very helpful so far, wondering if you could explain a little
> > furthur,
> >
> > 1. Does samba need to be installed to communicate with the domain
> > controller?
>
> NO.
>
> >
> > 2. What should the acl line look like to verify aguinst a group in the
> > domain?
>
> Can't be done. The acl must be like:
> acl acl_name proxy_auth domain\userid domain\userid2 domain\userid3
> -or-
> acl acl_name proxy_auth '/path/to/text/file/'
>
> >
> > 3. Does the old authenticate_program_ntlm still apply or should we be
> using
> > the auth_param ntlm /usr/local/bin/ntlm_auth domainname/IPofDomain?
>
> auth_param ntlm program /usr/local/bin/ntlm_auth domain/domain+controller
>
> >
> > 4. is theire anything we're missing here on our end?
>
> check your squid.conf.default for anything I've missed that is needed in
> squid.conf
>
> > Your help s greatly appreiceated in defeating that which is MS Proxy 2.0
>
> No problem. I'll help when I can!
>
> Craig
>
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html

Received on Tue Feb 27 2001 - 07:24:27 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:14 MST