Re: [squid-users] SQUID + FIREFOX + ACTIVE DIRECTORY

From: Chris Nighswonger <cnighswonger_at_foundations.edu>
Date: Wed, 29 Oct 2008 09:48:39 -0400

On Tue, Oct 28, 2008 at 6:18 AM, matlor <bfrobu_at_tin.it> wrote:
>
> I have configured squid with winbind integrated in the active directory of a
> windows 2003 domain.
> If I browse internet trough IE 7 everething is ok, no user and password
> prompted, because of the common login. While, if I open Firefox (2 or 3
> version), it prompts for user and password.

One other note: While FF does support NTLM, it does not do transparent
auth as IE does. Hence the prompting for username/password.
Furthermore, due to M$ having a broken implementation of NTLM, FF will
at times repeatedly prompt ad infinitum. There is an open bug on this
at Mozilla, (https://bugzilla.mozilla.org/show_bug.cgi?id=318253) but
action on it is understandably slow. You can mess with FF's NTLM
related settings under 'about:config' to gain some respite. You can
also run a basic auth that authenticates against NTLM which for some
reason seems to avoid the multi-prompt issue. Something like:

 auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
 auth_param basic children 2
 auth_param basic realm somerealm
 auth_param basic credentialsttl 2 hours
 auth_param basic casesensitive off

Regards,
Chris
Received on Wed Oct 29 2008 - 13:48:44 MDT

This archive was generated by hypermail 2.2.0 : Wed Oct 29 2008 - 12:00:06 MDT