Re: [squid-users] Squid-Samba Question

From: Mike Diggins <diggins@dont-contact.us>
Date: Sun, 11 Dec 2005 13:35:28 -0500 (Eastern Standard Time)

On Sun, 11 Dec 2005, Serassio Guido wrote:

> Hi,
>
> At 23.44 10/12/2005, Mike Diggins wrote:
>
>
>> I'm running Squid V2.5Stable10 and Samba 3.0.14a using NTLM authentication
>> and configured according to the FAQ (Winbind).
>
> So, I assume here that you are using Samba's ntlm_auth.

Yes.

>
>> All is working great except the PDC Admin has told me that all my
>> authentications are occurring against only one of the two domain
>> controllers. So, my question is likely to do with Samba, but does anyone
>> know the correct config to make that happen? My current smb.conf looks like
>> this:
>>
>> [global]
>> workgroup = AP1
>> winbind uid = 10000-20000
>> winbind gid = 10000-20000
>> encrypt passwords = yes
>> security=domain
>
> What kind of domain? NT 4 or Active Directory?
> If Active Directory, you should use "security=ads"

Active Directory. So I guess I should change the security parameter to
ads?

>
>> password server = as6.ad.McMaster.CA, as7.ad.mcmaster.ca
>
> This should never be needed: usually Samba finds the right DC by itself.

Okay, so I can remove this line completely?

>
>> winbind enum users = yes
>> winbind enum groups = yes
>> winbind use default domain = yes
>> preferred master = False
>> local master = No
>> domain master = False
>> log file = /var/log/samba.log
>>
>> Note: the domain is called AP1, the two domain controllers are as6 and as7.
>> I'm told that all my authentications are going to as6 but switching the
>> order doesn't seem to help. I'd like them both to be used as well as
>> provide redundancy should one fail.
>>
>> Any advice would be appreciated.
>
> Are you using "auth_param ntlm use_ntlm_negotiate on" in squid.conf?
> Enabling NTLM Negotiate changes the way the authentication process works.

No, I don't have that line in my squid config. Are you saying I should
have it? What does it do?

From my Squid.conf:

#
auth_param ntlm program /usr/local/squid/sbin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 25
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
#
auth_param basic program /usr/local/squid/sbin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 1 hours

Thanks for your help.

-Mike
Received on Sun Dec 11 2005 - 11:35:28 MST
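
The smb.conf change discussed in this thread, shown as a before/after fragment. This is an added example, not part of the original messages; the realm value is a placeholder assumption, since the thread does not state it.

```ini
# BEFORE (as posted): NT4-style domain membership, DCs pinned by name.
[global]
workgroup = AP1
security = domain
password server = as6.ad.McMaster.CA, as7.ad.mcmaster.ca

# AFTER (following the reply's suggestions): Active Directory membership,
# with no pinned password server so Samba locates a DC by itself.
[global]
workgroup = AP1
security = ads
# "realm" is required with security = ads. Placeholder value (assumption),
# replace with the site's Kerberos realm. The host must also be joined
# to the Active Directory domain.
realm = AD.EXAMPLE.ORG
# No "password server" line here: the reply says Samba usually finds
# the right DC without it.
winbind uid = 10000-20000
winbind gid = 10000-20000
encrypt passwords = yes
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
preferred master = False
local master = No
domain master = False
log file = /var/log/samba.log
```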
