RE: [squid-users] Problems using NTLM authentication

From: Jairo.Castañeda <Jairo.Castaneda@dont-contact.us>
Date: Mon, 16 Dec 2002 12:05:58 -0500

Hello again,

Well, I do need NTLM Authentication because I need the authentication
process to be transparent to my users. Right now, it's working but it's not
transparent. A popup window appears asking for a username/password and if I
type a valid one I get through... Any ideas why it's not transparent?
I'm using IE 6.0, my PC is logged into the domain and according to the FAQ a
password prompt should NOT pop up...

Henrik, thanks for the help on the wb_group external_acl helper... However I
think I should find out first why my authentication scheme is not
transparent before I try to filter web traffic based on NT groups, don't you
think?

Regards,

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@marasystems.com]
Sent: Friday, 13 December 2002 04:15 p.m.
To: Jairo.Castañeda; Squid List (E-mail)
Subject: Re: [squid-users] Problems using NTLM authentication

On Friday 13 December 2002 16.11, Jairo.Castañeda wrote:
> Hello all,
>
> First let me explain what I need to do:
> I need only users belonging to an NT group called Internet to surf
> the web. As I'm using squid as my proxy I need to use NTLM
> authentication, right?

Not necessarily.

You need NTLM authentication if you want the authentication to Squid
to be transparent to your users.

> - Samba's winbindd testing was ok. I got the messages I was
> supposed to get ("secret was good", and wbinfo -a with the NT
> username and password was successful)

There should also be a note about challenge/response authentication.
If not you cannot use NTLM.

> I have some questions regarding NTLM authentication:
> - How do I establish permissions based on NT groups? I didn't see
> that on the FAQ section...maybe I missed it.

It has not yet been documented in the FAQ.

You use the wb_group external_acl helper. See
helpers/external_acl/winbind_group/

> - How can I test from command line if my authentication scheme is
> working...

See the Squid FAQ. The same section that talks about winbind
installation also includes testing of the connection to winbind.

Regards
Henrik
Received on Mon Dec 16 2002 - 10:04:14 MST
