RE: [squid-users] testing ntlm auth

From: Derick Jansen <derick@dont-contact.us>
Date: Mon, 20 Aug 2001 14:33:38 +0200

Hi,

I finally got this to work. I had to put the PDC name and IP into the host
file (The DNS admin removed the dns entry for the PDC).

Now that I have it working, I find IE asking for the
username/password/domain every third or fourth request. I know there is a
bug with NTLM where it loses connection to the PDC. Is this causing the
problem?

Thanks in advance.

Derick.

-----Original Message-----
From: Robert Collins [mailto:robert.collins@itdomain.com.au]
Sent: 06 August 2001 04:57
To: Derick Jansen
Cc: Mads Rasmussen; squid-users@squid-cache.org
Subject: RE: [squid-users] testing ntlm auth

On 02 Aug 2001 12:11:46 +0200, Derick Jansen wrote:
> Hi, I am trying this authentication scheme. Squid starts up fine and these
> are the processes runing
>
> 21806 ? S 0:00 ./squid
> 21808 ? S 0:00 (squid)
> 21814 ? S 0:00 (unlinkd)
> 21827 ? S 0:00 (ntlm_auth) inetbridge/rbk-bdc2
> 21828 ? S 0:00 (ntlm_auth) inetbridge/rbk-bdc2
> 21829 ? S 0:00 (ntlm_auth) inetbridge/rbk-bdc2
> 21830 ? S 0:00 (ntlm_auth) inetbridge/rbk-bdc2
> 21831 ? S 0:00 (ntlm_auth) inetbridge/rbk-bdc2
>
> I am however not being authenticated.
>
> When I run this manually /usr/local/squid/libexec/squid/ntlm_auth
> inetbridge/rbk-bdc2 and type YR I get no response from the domain
> controller. I also tried using the domain controllers IP instead of the
> name.

There have been some messages on this in the list already - do a search
on ntlm_auth. You need to use the machine name, not the ip address.

> Do I need to do something on the domain controller to get this to work?

No. Or rather, you can't be using "high security" - we are using an
_old_ Samba library for this. Kinkie is working on an updated helper
that uses a much newer library.

Also, a large amount of work has gone into stability recently, and
tonights daily snapshot from www.squid-cache.org should be much more
reliable. (It doesn't affect the ntlm_auth helper problem that you have
unfortunately). You should grab that tarball and use it.

It's NOT available on sourceforge outside of the NTLM branch as yet, as
soon as it is I'll be posting a detailed email here listing the changes
and asking early adopters to upgrade.

Rob
Received on Mon Aug 20 2001 - 06:32:14 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:45 MST