[squid-users] Re: Re: Re: authentication

From: Adam Aube <aaube01@dont-contact.us>
Date: Thu, 01 Jul 2004 13:29:13 -0400

Payal Rathod wrote:

> --- Adam Aube <aaube01@baker.edu> wrote:
>
>> Use the Winbind helpers. More info is in the Squid FAQ:
>
> I couldn't find much documentation out of this. I created an acl
> internet_all with proxyauth REQUIRED and allowed access to it. Btw, the
> windows machine has something called as Active Directory.

I know the Squid FAQ is light on details in some areas, but it does point
you to the documentation that provides more detail.

Active Directory is the domain model used in Windows 2000 and newer,
replacing the NT-style domains. The Winbind helpers work just fine with
Active Directory.

> I can also see my Linux machine in windows shares. My
> friend also created group internet_all and put one
> user temp there. But unfortunately he cannot access
> the internet. It is blocked.

If all you are using is a proxy_auth REQUIRED acl, he doesn't need to create
the group on the Windows side. Any valid Windows logon should work.

> I have (we are testing on IE),
> auth_param ntlm program /path/to/wb_ntlmauth
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes

Those settings look fine.

> Also, I must mention here,
> # wbinfo -t gives me an error.

Then the system isn't joined to the domain properly. As pointed to by the
Squid FAQ, details on how to join to the domain are in the winbindd man
page. You can also look at the wbinfo man page as well.

If you showed us step-by-step what you did, and what the result of each step
was, we would be able to help you better.

> I am pretty confused how these pieces fit together. I mean how is samba
> (what in world is winbind) and squid and windows server fit together.

Winbind is a part of Samba. The Squid helpers connect with Winbind, and
Winbind connects with the Windows domain.

Adam
Received on Thu Jul 01 2004 - 11:27:11 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:01 MDT