[squid-users] Re:[squid-users] AD and Single Sign On

From: <pwasenda@dont-contact.us>
Date: Mon, 12 Jun 2006 16:01:27 +0300

Is that computer on your Windows domain?

Quoting "Franco, Battista" <Battista.Franco@saint-gobain.com>:

> Hello
> I configured squid and samba but (from a client with MS IE 6) when I tried to
> connect to internet the pop-up with a request of username and password
> appears.
> More info below:
>
> # wbinfo -t
> checking the trust secret via RPC calls succeeded
> # wbinfo -a mydom\\user%password
> plaintext password authentication succeeded
> challenge/response password authentication succeeded
> # /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> Mydom+user password
> [2006/06/12 14:52:07, 3] utils/ntlm_auth.c:check_plaintext_auth(292)
> NT_STATUS_OK: Success (0x0)
> OK
> #
>
> ----
>
> Smb.conf is:
>
> ....
> netbios name = aa1pxysav00
> realm = ZA.IF.ATCSG.NET
> workgroup = ZA
> security = ADS
> password server = server.mydom.com
> encrypt passwords = yes
> log level = 3 passdb:5 auth:10 winbind:5
> idmap uid = 10000-20000
> template shell = /bin/false
> winbind enum users = yes
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind separator = +
> winbind use default domain = yes
> ...
>
> ----
>
> Squid.conf is:
> ....
> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 30
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
> # ntlm_auth from Samba 3 supports NTLM NEGOTIATE packet
> auth_param ntlm use_ntlm_negotiate on
> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
> ....
> acl AuthorizedUsers proxy_auth REQUIRED
> http_access allow all AuthorizedUsers
> ....
> cache_peer proxy.xxx.com parent 8080 0 proxy-only default
>
> ------
>
> Access.log
>
> 1150117192.969 364 10.239.57.34 TCP_MISS/200 4388 GET http://www.google.it/ username DEFAULT_PARENT/proxy.xxx.com text/html
> 1150117223.316 24100 10.239.57.34 TCP_MISS/503 1384 GET http://www.google.it/imghp? username NONE/- text/html
>
>
>
> Could you help me?
>
>
>
> -----Original Message-----
> From: Jakob Curdes [mailto:jc@info-systems.de]
> Sent: Friday, 9 June 2006 14:44
> To: Franco, Battista
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] AD and Single Sign On
>
> Franco, Battista wrote:
>
> >Hello
> >
> >I used a squid 2.5 stable 9 on Fedora Core 4.
> >
> >My windows domain is an AD 2003.
> >
> >Is it possible to configure my squid to work as "single sign on" so
> >users will not need to put username and password when accessing to
> >internet?
> >
> >How do I do it?
> >
> >
> >
> >
> >
> See
>
> http://wiki.squid-cache.org/SquidFaq/ProxyAuthentication
>
> Hope this helps,
>
> Jakob Curdes
>
> Hint for the FAQ admins : the keyword NTLM or AD does not show up anywhere in
> the content list, maybe it would be a good idea to shift one of the headlines
> a little - this question keeps getting asked again and again.
>
> Jakob Curdes
>
>

-- 
 Peter Collins Wasenda             
 Network Administrator             
 IT Division, Corporate Services    
 Uganda Revenue Authority          
 P.O. Box 7279, Kampala            
 Tel:     (041)334474,334535           
 Mob:     0752-996477                  
 
Received on Mon Jun 12 2006 - 07:11:16 MDT
