[squid-users] R: [squid-users] R: [squid-users] AD and Single Sign On

From: Franco, Battista <Battista.Franco@dont-contact.us>
Date: Mon, 12 Jun 2006 15:04:45 +0200

Hello
I configured Squid and Samba, but (from a client with MS IE 6) when I tried to connect to the internet, the pop-up requesting a username and password appears.
More info below:

# wbinfo -t
checking the trust secret via RPC calls succeeded
# wbinfo -a mydom\\user%password
plaintext password authentication succeeded
challenge/response password authentication succeeded
# /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
Mydom+user password
[2006/06/12 14:52:07, 3] utils/ntlm_auth.c:check_plaintext_auth(292)
  NT_STATUS_OK: Success (0x0)
OK
#

----
Smb.conf is:
....
   netbios name = aa1pxysav00
   realm = ZA.IF.ATCSG.NET
   workgroup = ZA
   security = ADS
   password server = server.mydom.com
   encrypt passwords = yes
   log level = 3 passdb:5 auth:10 winbind:5
   idmap uid = 10000-20000
   template shell = /bin/false
   winbind enum users = yes
   winbind uid = 10000-20000
   winbind gid = 10000-20000
   winbind separator = +
   winbind use default domain = yes
...
----
Squid.conf is:
....
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
# ntlm_auth from Samba 3 supports NTLM NEGOTIATE packet
auth_param ntlm use_ntlm_negotiate on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
....
acl AuthorizedUsers proxy_auth REQUIRED
http_access allow all AuthorizedUsers
....
cache_peer proxy.xxx.com parent 8080 0 proxy-only default
------
Access.log
1150117192.969    364 10.239.57.34 TCP_MISS/200 4388 GET http://www.google.it/ username DEFAULT_PARENT/proxy.xxx.com text/html
1150117223.316  24100 10.239.57.34 TCP_MISS/503 1384 GET http://www.google.it/imghp? username NONE/- text/html
Could you help me?
-----Original Message-----
From: Jakob Curdes [mailto:jc@info-systems.de]
Sent: Friday, 9 June 2006 14:44
To: Franco, Battista
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] AD and Single Sign On
Franco, Battista wrote:
>Hello
>
>I used a squid 2.5 stable 9 on Fedora Core 4.
>
>My windows domain is an AD 2003.
>
>Is it possible to configure my squid to work as "single sign on" so 
>users will not need to put username and password when accessing to 
>internet?
>
>How do I do it?
>
See
http://wiki.squid-cache.org/SquidFaq/ProxyAuthentication
Hope this helps,
Jakob Curdes
Hint for the FAQ admins: the keyword NTLM or AD does not show up anywhere in the content list, maybe it would be a good idea to shift one of the headlines a little - this question keeps getting asked again and again.
Jakob Curdes
Received on Mon Jun 12 2006 - 07:05:03 MDT
