[squid-users] Re: R: [squid-users] AD and Single Sign On from pwasenda@dont-contact.us on 2006-06-12 (squid-users)

From: <pwasenda@dont-contact.us>
Date: Mon, 12 Jun 2006 16:08:07 +0300

does the username work when you enter it ?

Quoting "Franco, Battista" <Battista.Franco@saint-gobain.com>:

> Yes it is.
>
>
>
> -----Messaggio originale-----
> Da: pwasenda@ura.go.ug [mailto:pwasenda@ura.go.ug]
> Inviato: lunedì 12 giugno 2006 15.01
> A: Franco, Battista
> Cc: squid-users@squid-cache.org
> Oggetto: Re:[squid-users] AD and Single Sign On
>
> Is that computer on your windows domain ?
>
> Quoting "Franco, Battista" <Battista.Franco@saint-gobain.com>:
>
> > Hello
> > I configured squid and samba but (from a client with MS IE 6) when i
> > tried to connect to internet the pop-up with a request of username and
> > password appears.
> > More info below:
> >
> > # wbinfo -t
> > checking the trust secret via RPC calls succeeded # wbinfo -a
> > mydom\\user%password plaintext password authentication succeeded
> > challenge/response password authentication succeeded #
> > /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> > Mydom+user password
> > [2006/06/12 14:52:07, 3] utils/ntlm_auth.c:check_plaintext_auth(292)
> > NT_STATUS_OK: Success (0x0)
> > OK
> > #
> >
> > ----
> >
> > Smb.conf is:
> >
> > ....
> > netbios name = aa1pxysav00
> > realm = ZA.IF.ATCSG.NET
> > workgroup = ZA
> > security = ADS
> > password server = server.mydom.com
> > encrypt passwords = yes
> > log level = 3 passdb:5 auth:10 winbind:5
> > idmap uid = 10000-20000
> > template shell = /bin/false
> > winbind enum users = yes
> > winbind uid = 10000-20000
> > winbind gid = 10000-20000
> > winbind separator = +
> > winbind use default domain = yes
> > ...
> >
> > ----
> >
> > Squid.conf is:
> > ....
> > auth_param ntlm program /usr/bin/ntlm_auth
> > --helper-protocol=squid-2.5-ntlmssp
> > auth_param ntlm children 30
> > auth_param ntlm max_challenge_reuses 0 auth_param ntlm
> > max_challenge_lifetime 2 minutes # ntlm_auth from Samba 3 supports
> > NTLM NEGOTIATE packet auth_param ntlm use_ntlm_negotiate on auth_param
> > basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> > auth_param basic children 5 auth_param basic realm Squid proxy-caching
> > web server auth_param basic credentialsttl 2 hours auth_param basic
> > casesensitive off ....
> > acl AuthorizedUsers proxy_auth REQUIRED http_access allow all
> > AuthorizedUsers ....
> > cache_peer proxy.xxx.com parent 8080 0 proxy-only default
> >
> > ------
> >
> > Access.log
> >
> > 1150117192.969 364 10.239.57.34 TCP_MISS/200 4388 GET
> > http://www.google.it/ username DEFAULT_PARENT/proxy.xxx.com text/html
> > 1150117223.316 24100 10.239.57.34 TCP_MISS/503 1384 GET
> > http://www.google.it/imghp? username NONE/- text/html
> >
> >
> >
> > Could you help me?
> >
> >
> >
> > -----Messaggio originale-----
> > Da: Jakob Curdes [mailto:jc@info-systems.de]
> > Inviato: venerdì 9 giugno 2006 14.44
> > A: Franco, Battista
> > Cc: squid-users@squid-cache.org
> > Oggetto: Re: [squid-users] AD and Single Sign On
> >
> > Franco, Battista schrieb:
> >
> > >Hello
> > >
> > >I used a squid 2.5 stable 9 on fedora code 4.
> > >
> > >My windows domain is an AD 2003.
> > >
> > >Is it possibile to configure my squid to work as "single sign on" so
> > >users will not need to put username and password when accessing to
> > >internet?
> > >
> > >How do i do it?
> > >
> > >
> > >
> > >
> > >
> > See
> >
> > http://wiki.squid-cache.org/SquidFaq/ProxyAuthentication
> >
> > Hope this helps,
> >
> > Jakob Curdes
> >
> > Hint for the FAQ admins : the keyword NTLM or AD does not show up
> > anywhere in the content list, myabe it would be a good idea to shift
> > one of the headlines a little - this question keeps getting asked again and
> again.
> >
> > Jakob Curdes
> >
> >
>
>
> --
> Peter Collins Wasenda
> Network Administrator
> IT Division, Corporate Services
> Uganda Revenue Authority
> P.O. Box 7279, Kampala
>
> Tel: (041)334474,334535
> Mob: 0752-996477
>
> ---------------------------------------------------------------
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
>

-- 
 Peter Collins Wasenda             
 Network Administrator             
 IT Division, Corporate Services    
 Uganda Revenue Authority          
 P.O. Box 7279, Kampala            
 Tel:     (041)334474,334535           
 Mob:     0752-996477                  
 
---------------------------------------------------------------
      
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Received on Mon Jun 12 2006 - 07:17:57 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Jul 01 2006 - 12:00:01 MDT