Re: [squid-users] NTLM Authentication

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 5 Aug 2005 13:41:56 +0200 (CEST)

On Wed, 3 Aug 2005, Mike Diggins wrote:

> So far, IE users that are logged into the domain authenticate without an
> authentication prompt (good). Non IE users or users of other web clients are
> prompted for authentication, which is expected, except now they must type in
> the domain/username and password (i.e. ap1/myname) instead of just their
> username. That's a bigger change in behaviour than we would like. Is there a
> way to make this work or is this normal behaviour?

What Samba version?

> My authentication related configuration:
>
> #Recommended minimum configuration:
> auth_param ntlm program /usr/local/squid/libexec/ntlm_auth ap1/as7 ap1/as6

Looks like you are using Samba-2.X. You should be using Samba-3.x and
their ntlm_auth helper, not the Samba-2.x helper from Squid.

> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
> auth_param ntlm use_ntlm_negotiate off
> auth_param basic program /usr/local/squid/sbin/mac_auth

What helper is this mac_auth helper?

It's this one that deals with basic authentication from non-IE browsers, and
it's up to this helper to determine what makes a valid username or not.

Regards
Henrik
Received on Fri Aug 05 2005 - 05:41:58 MDT
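
An added illustration of the last point in the reply above (not code from the thread, and not the poster's mac_auth helper, whose behaviour is not shown): a minimal Squid basic-auth helper in Python that reads URL-encoded "username password" lines, fills in a default domain for bare usernames, and answers OK or ERR. The `ap1` default is taken from the quoted configuration; `demo_verify` and its account are constructed placeholders for a real domain check.

```python
import sys
from urllib.parse import unquote

DEFAULT_DOMAIN = "ap1"   # domain name taken from the config quoted in the thread
SEPARATORS = "\\/"       # accept both DOMAIN\user and DOMAIN/user

def parse_request(line):
    """Split one helper request line into (username, password), URL-decoded."""
    parts = line.rstrip("\r\n").split(" ", 1)
    if len(parts) != 2:
        return None
    return unquote(parts[0]), unquote(parts[1])

def qualify(username, default_domain=DEFAULT_DOMAIN):
    """Return (domain, user); a bare username gets the default domain."""
    for sep in SEPARATORS:
        if sep in username:
            domain, user = username.split(sep, 1)
            break
    else:
        domain, user = default_domain, username
    # Reject empty parts and a second separator hidden in the user part.
    if not domain or not user or any(s in user for s in SEPARATORS):
        return None
    return domain, user

def handle(line, verify):
    """Answer one request with the helper protocol's OK or ERR."""
    req = parse_request(line)
    if req is None:
        return "ERR"
    who = qualify(req[0])
    if who is None or not req[1]:   # empty passwords are never accepted
        return "ERR"
    return "OK" if verify(who[0], who[1], req[1]) else "ERR"

def demo_verify(domain, user, password):
    # Constructed stand-in for the real domain check (hypothetical account).
    return (domain.lower(), user, password) == ("ap1", "myname", "s3cret pw")

if __name__ == "__main__":
    for request in sys.stdin:
        print(handle(request, demo_verify), flush=True)
```
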
