RE: [squid-users] Windows 2003 Strangeness from Dave Augustus on 2004-09-09 (squid-users)

From: Dave Augustus <davea@dont-contact.us>
Date: Thu, 09 Sep 2004 13:25:54 -0500

Hello Charlie,

All I can tell you is that I did this and it worked. Even before we had
Active Directory. The Samba By Example book talks about using Kerberos
1.3 for the installation with W2k3.

And here is something that might be relevant:
http://www.mail-archive.com/kerberos@mit.edu/msg06278.html

--
Dave
On Thu, 2004-09-09 at 12:45, Charlie Grosvenor wrote:
> NT 4 doesn't support Kerberos so I don't see why samba should need to be
> compiled with Kerberos support. Doesn't windows 2003 server support normal
> NTLM auth? There must be some way of telling it to use it.
> 
> Thank you
> 
> -----Original Message-----
> From: Dave Augustus [mailto:davea@support.kcm.org] 
> Sent: 09 September 2004 18:40
> To: Charlie Grosvenor
> Cc: squid-users@squid-cache.org
> Subject: RE: [squid-users] Windows 2003 Strangeness
> 
> Did you compile Samba with kerberos 1.3? I am just guessing here but the
> problem appears to be between your W2K3 servers and Squid.
> 
> This is a Samba configuration problem- whatever it is- you could try posting
> there as well.
> 
> --
> Dave
> 
> 
> On Thu, 2004-09-09 at 12:03, Charlie Grosvenor wrote:
> > Thank you for the response, the windows 2003 server is a member server 
> > of an NT 4 domain, no active directory. I have this problem on two all 
> > the windows
> > 2003 member servers.
> > 
> > Squid.conf:
> > 
> > auth_param ntlm program /usr/bin/ntlm_auth domain/domaincontroller 
> > auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 5000 
> > auth_param ntlm max_challenge_lifetime 5 minutes
> > 
> > I am using the NTLM_AUTH binary that comes with samba v3.
> > 
> > Thank you
> > 
> > -----Original Message-----
> > From: Dave Augustus [mailto:davea@support.kcm.org]
> > Sent: 09 September 2004 17:56
> > To: Charlie Grosvenor
> > Cc: squid-users@squid-cache.org
> > Subject: Re: [squid-users] Windows 2003 Strangeness
> > 
> > How are authenticating? It sounds like you are using mixed-mode
> > authentication: that is, the the old-style Domain Controller and the 
> > new Active Directory.
> > 
> > My guess is that:
> > Your Squid box is using DC for authentication and the W2K3 server is 
> > using AD. Do you have the same problem on another W2K3 server ?
> > 
> > With Samba v3, you use the NTLM_AUTH  binary that it installs instead 
> > of the one that comes with Squid.
> > 
> > Let me know,
> > --
> > Dave
> > 
> > On Thu, 2004-09-09 at 10:49, Charlie Grosvenor wrote:
> > > I am using squid 2.5.6, with NTLM authentication. This works fine 
> > > with
> > > IE6 on windows NT, 2000, XP clients, but with windows 2003 server, I 
> > > get "Page cannot be displayed" when I set IE6 to use the proxy and 
> > > in the squid access.log I get:
> > >  
> > > 1094744912.490      0 192.168.1.97 TCP_DENIED/407 1866 GET
> > > http://www.microsoft.com/ - NONE/- text/html
> > > 1094744912.664      0 192.168.1.97 TCP_DENIED/407 1792 GET
> > > http://www.microsoft.com/ - NONE/- text/html
> > > 1094744912.667      0 192.168.1.97 TCP_DENIED/407 1866 GET
> > > http://www.microsoft.com/ - NONE/- text/html
> > > 1094744912.824      0 192.168.1.97 TCP_DENIED/407 1792 GET
> > > http://www.microsoft.com/ - NONE/- text/html
> > > 1094744912.827      0 192.168.1.97 TCP_DENIED/407 1866 GET
> > > http://www.microsoft.com/ - NONE/- text/html
> > > 1094744912.976      0 192.168.1.97 TCP_DENIED/407 1792 GET
> > > http://www.microsoft.com/ - NONE/- text/html
> > > 1094744912.979      0 192.168.1.97 TCP_DENIED/407 1866 GET
> > > http://www.microsoft.com/ - NONE/- text/html
> > > 1094744913.136      0 192.168.1.97 TCP_DENIED/407 1792 GET
> > > http://www.microsoft.com/ - NONE/- text/html
> > > 1094744913.138      0 192.168.1.97 TCP_DENIED/407 1866 GET
> > > http://www.microsoft.com/ - NONE/- text/html
> > >  
> > > Has anybody else experienced this with windows 2003 server? anybody 
> > > know of a solution?
> > > 
> > > ____________________________________________________________________
> > > __ This email has been scanned by the MessageLabs Email Security 
> > > System.
> > > For more information please visit http://www.messagelabs.com/email
> > > ____________________________________________________________________
> > > __
> > 
> > ______________________________________________________________________
> > This email has been scanned by the MessageLabs Email Security System.
> > For more information please visit http://www.messagelabs.com/email
> > ______________________________________________________________________
> 
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________

application/pgp-signature attachment: This is a digitally signed message part

Received on Thu Sep 09 2004 - 12:25:58 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:02 MDT