Re: [squid-users] Squid with auth NTLM

From: Leandro Ferrrari <talsoft@dont-contact.us>
Date: Tue, 18 Dec 2007 10:04:32 -0300

Thanks, I am going to compile again, but with this parameter:
'--enable-external-acl-helpers=wbinfo_group' with
'--enable-auth=ntlm,basic'

Sincerely,
Leandro Ferrari

2007/12/18, Nick Duda <nduda@vistaprint.com>:
> Wow, lots of options... I can't speak for your external helper, but I use '--enable-external-acl-helpers=wbinfo_group' with '--enable-auth=ntlm,basic' and it runs peachy.
>
> - Nick
>
> ________________________________
>
> From: Leandro Ferrrari [mailto:talsoft@gmail.com]
> Sent: Tue 12/18/2007 7:07 AM
> To: Nick Duda
> Cc: Amos Jeffries; squid-users@squid-cache.org
> Subject: Re: [squid-users] Squid with auth NTLM
>
>
>
> Squid -v:
>
> Squid Cache: Version 3.0.STABLE1
> configure options: '-prefix=/usr/local/squid'
> '-exec-prefix=/usr/local/squid' '-enable-delay-pools'
> '-enable-cache-digests' '-enable-poll' '-disable-ident-lookups'
> '-enable-truncate' '-enable-removal-policies'
> '--enable-follow-x-forwarded-for' '--enable-ssl'
> '--enable-large-cache-file' '--enable-snmp' '--enable-auth=basic,ntlm'
> '--enable-basic-auth-helpers=LDAP,MSNT,multi-domain-NTLM'
> '--enable-digest-auth-helpers=password'
> '--enable-external-acl-helpers=ip_user,ldap_group'
> '--enable-removal-policies=heap,lru' '--enable-x-accelerator-vary'
> '--enable-err-languages=Spanish'
> 'LDFLAGS=-L/usr/local/BerkeleyDB.4.2/lib'
>
> 2007/12/18, Nick Duda <nduda@vistaprint.com>:
> > What's your "squid -v"?
> >
> > ________________________________
> >
> > From: Leandro Ferrrari [mailto:talsoft@gmail.com]
> > Sent: Tue 12/18/2007 5:43 AM
> > To: Nick Duda
> > Cc: Amos Jeffries; squid-users@squid-cache.org
> > Subject: Re: [squid-users] Squid with auth NTLM
> >
> >
> >
> > Hi, yes, the commands wbinfo -g and -u are working perfectly. My configuration is:
> >
> > krb5.conf:
> > ...
> > [libdefaults]
> > default_realm = NEXTIT.LOCAL
> > dns_lookup_realm = yes
> > dns_lookup_kdc = yes
> >
> > [realms]
> > NEXTIT.LOCAL = {
> > kdc = vm-ws2003.nextit.local:88
> > admin_server = vm-ws2003.nextit.local:749
> > default_domain = NEXTIT
> > }
> >
> > [domain_realm]
> > .nextit.local = NEXTIT.LOCAL
> > nextit.local = NEXTIT.LOCAL
> > ...
> >
> > SMB.conf:
> >
> > [global]
> > workgroup = NEXTIT
> > server string = Samba Server
> > password server = NameOfServer
> > encrypt passwords = yes
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > realm = NEXTIT.LOCAL
> > idmap uid = 10000-20000
> > idmap gid = 10000-20000
> > template shell = /bin/false
> > winbind enum users = yes
> > winbind enum groups = yes
> > winbind use default domain = yes
> > client ntlmv2 auth = yes
> >
> >
> > Server Windows Active Directory is Windows 2003 Server
> > Client Windows is Windows XP
> >
> > Sincerely
> > Leandro Ferrari
> >
> >
> >
> >
> > 2007/12/17, Nick Duda <nduda@vistaprint.com>:
> > > Have you joined your box to the domain? What is your krb5.conf file? What is your smb.conf file? What is the status of something like wbinfo -g or -u ?
> > >
> > > I would troubleshoot your domain connectivity before you worry about squid.
> > >
> > >
> > > -----Original Message-----
> > > From: Amos Jeffries [mailto:squid3@treenet.co.nz]
> > > Sent: Mon 12/17/2007 7:33 PM
> > > To: Leandro Ferrrari
> > > Cc: squid-users@squid-cache.org
> > > Subject: Re: [squid-users] Squid with auth NTLM
> > >
> > > > I have configured squid 3.0 with NTLM, and this configuration in
> > > > squid.conf is:
> > > >
> > > > auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> > > > auth_param ntlm children 30
> > > > auth_param ntlm max_challenge_lifetime 2 minutes
> > > >
> > > > auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> > > > auth_param basic children 5
> > > > auth_param basic realm Squid proxy-caching web server
> > > > auth_param basic credentialsttl 2 hours
> > > >
> > > > When I test the NTLM auth in the Explorer client with a user
> > > > authenticated in the Windows 2003 Domain Controller, Explorer or
> > > > Firefox shows the popup of the basic auth.
> > > > How do I use the NTLM auth with a user of the domain group without basic
> > > > auth?
> > >
> > > Remove the basic configuration to not use it.
> > > Your NTLM is broken by the sound of it if it's always falling back on basic.
> > > Although the login box does not necessarily mean basic is being used. It
> > > could just be that the browser has no working credentials for the user to
> > > login NTLM with.
> > >
> > >
> > > Amos
> > >
> > >
> > >
> >
> >
> >
>
>
>
Received on Tue Dec 18 2007 - 06:04:34 MST
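
Added example, not part of the original thread and not code from Squid or Samba: Amos's point that a login box does not by itself show Basic is in use can be checked from captured proxy headers. The sketch below lists the schemes a 407 response offers and classifies a captured Proxy-Authorization value; the sample headers, user name, password and NTLM flags are constructed.

```python
import base64
import binascii
import struct

NTLM_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}

def offered_schemes(header_lines):
    """Return the schemes a 407 response offers, in the order sent."""
    schemes = []
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == "proxy-authenticate" and value.strip():
            schemes.append(value.split()[0].upper())
    return schemes

def classify_proxy_authorization(value):
    """Report what the browser actually sent in Proxy-Authorization."""
    scheme, _, token = value.strip().partition(" ")
    scheme = scheme.upper()
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return (scheme, "undecodable token")
    if scheme == "BASIC":
        # Basic is only base64(user:password); never log the password part.
        user = raw.split(b":", 1)[0].decode("latin-1")
        return (scheme, "cleartext credentials for user " + user)
    if scheme == "NTLM":
        # NTLMSSP messages: 8-byte signature, then a little-endian type field.
        if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
            return (scheme, "not an NTLMSSP message")
        (msg_type,) = struct.unpack_from("<I", raw, 8)
        return (scheme, NTLM_TYPES.get(msg_type, "unknown type %d" % msg_type))
    return (scheme, "unhandled scheme")

# Constructed samples: the realm string is from the posted squid.conf,
# the user name, password and NTLM flags are made up.
SAMPLE_407 = [
    "HTTP/1.0 407 Proxy Authentication Required",
    "Proxy-Authenticate: NTLM",
    'Proxy-Authenticate: Basic realm="Squid proxy-caching web server"',
]
SAMPLE_NTLM = "NTLM " + base64.b64encode(
    b"NTLMSSP\x00" + struct.pack("<II", 1, 0x00000207)).decode()
SAMPLE_BASIC = "Basic " + base64.b64encode(b"testuser:example").decode()

if __name__ == "__main__":
    print(offered_schemes(SAMPLE_407))
    for header in (SAMPLE_NTLM, SAMPLE_BASIC):
        print(classify_proxy_authorization(header))
```

If the capture shows only `BASIC` values after a 407 that offered both schemes, the browser declined NTLM and the user's password crossed the wire base64-encoded.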