RE: [squid-users] pop up authentication prompts

Thanks for the heads up.

Willing to test and try squid_kerb_auth.

Do you have any configuration/compile options you can share on this.

This is my smb.conf, as you can see "security = domain"

squid2# cat /usr/local/samba/lib/smb.conf
workgroup = apac
netbios name = squid2
server string = New Sydney Lan Proxy
security = domain
password server = audc1 audc2
wins server = 192.168.71.21 192.168.48.23
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes
client NTLMv2 auth = No
client lanman auth = Yes
allow trusted domains = no

Regards
Nick Apostolou
IT Infrastructure | ABN AMRO Bank Australia/NZ
Ph: +61 2 8259 5330 | Fax: +61 2 8259 5440 | Mobile: + 61 401 709 007
email: nick.apostolou_at_au.abnamro.com

"Plant, Dean" <dean.plant_at_roke.co.uk>
24/02/2009 08:52 PM

To
<nick.apostolou_at_au.abnamro.com>, <squid-users_at_squid-cache.org>
cc

Subject
RE: [squid-users] pop up authentication prompts

Plant, Dean wrote:
> nick.apostolou_at_au.abnamro.com wrote:
>> Hi,
>>
>> Anyone got any suggestions on my authentication prompt problems with
>> NTLM authentication?
>>
>> I've also got a test box which was build with a tar ball of the
>> squid and samba directories which authenticates with no problem and
>> does not give any errors in the cache.log.
>>
>> Regards
>> Nick Apostolou
>> IT Infrastructure | ABN AMRO Bank Australia/NZ
>> Ph: +61 2 8259 5330 | Fax: +61 2 8259 5440 | Mobile: + 61 401 709 007
>> email: nick.apostolou_at_au.abnamro.com
>
> Try the squid_kerb_auth module. We are running 2.6.x and we have
> suffered the same random pop-ups on NTLM, adding Kerberos
> authentication to the top of the auth configuration fixes the random
> pop-ups on IE 7 and Firefox. IE 6 does not support Kerberos so leave
> NTLM in your configuration if you have this browser on site. XP users
> will also suffer Kerberos ticket renewal issues if your users leave
> their machines on overnight and XP is not patched to SP3.
>

Just reread over my notes and IE6 *is* supposed to support kerb
authentication. We just had issues with it's reliability in testing so
left in NTLM to ensure that if kerb_auth failed it could drop back to
NTLM.

ABN AMRO Bank N.V. is an authorised agent of The Royal Bank of Scotland plc
---------------------------------------------------------------------------
This message (including any attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorised use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change. ABN AMRO Bank N.V, which has its seat at Amsterdam, the Netherlands, and is registered in the Commercial Register under number 33002587, including its group companies, shall not be liable for the improper or incomplete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference.
---------------------------------------------------------------------------
Received on Tue Feb 24 2009 - 20:31:30 MST