Re: [squid-users] Problems using NTLM authentication

From: Dan Cave <mogul@dont-contact.us>
Date: Tue, 17 Dec 2002 10:50:29 -0000

Jairo,

Sounds like you're not authenticating with your NT auth server/LM and you've
still got userproxy access turned on in squid.conf.

d
----- Original Message -----
From: "Jairo.Castaņeda" <Jairo.Castaneda@siemens.com>
To: "'Henrik Nordstrom'" <hno@marasystems.com>; "Squid List (E-mail)"
<squid-users@squid-cache.org>
Sent: Monday, December 16, 2002 5:05 PM
Subject: RE: [squid-users] Problems using NTLM authentication

Hello again,

Well, I do need NTLM Authentication because I need the authentication
process to be transparent to my users. Right now, it's working but it's not
transparent. A popup window appears asking for an username/password and if I
type a valid one I get through... Any ideas why it's not transparent?
I'm using IE 6.0, my PC is logged into the domain and according to the FAQ a
password prompt should NOT pop up...

Henrik, thanks for the help on the wb_group external_acl helper... However I
think I should find out first why my authentication scheme is not
transparent before I try to filter web traffic based on NT groups, don't you
think?

Regards,

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@marasystems.com]
Sent: Viernes, 13 de Diciembre de 2002 04:15 p.m.
To: Jairo.Castaņeda; Squid List (E-mail)
Subject: Re: [squid-users] Problems using NTLM authentication

On Friday 13 December 2002 16.11, Jairo.Castaņeda wrote:
> Hello all,
>
> First let me explain what I need to do:
> I need that only users belonging to a NT group called Internet surf
> the web. As I'm using squid as my proxy I need to use NTLM
> authentication, right?

Not neccesarily.

You need NTLM authentication if you want the authentication to Squid
to be transparent to your users.

> - Samba's winbindd testing was ok. I got the messages I was
> supposed to get ("secret was good", and wbinfo -a with the NT
> username and password was successful)

There should also be a note about challenge/response authentication.
If not you cannot use NTLM.

> I have some questions regarding NTLM authentication:
> - How do I establish permissions based on NT groups? I didn't see
> that on the FAQ section...maybe I missed it.

It has not yet been documented in the FAQ.

You use the wb_group external_acl helper. See
helpers/external_asl/winbind_group/

> - How can I test from command line if my authentication scheme is
> working...

See the Squid FAQ. The same section who talks about winbind
installation also includes testing of the connection to winbind.

Regards
Henrik
Received on Tue Dec 17 2002 - 03:50:39 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:06 MST