[squid-users] Squid requiring domain for auth

From: Steve Allen <steve.allen_at_member.sage-au.org.au>
Date: Tue, 23 Jun 2009 14:35:40 +0930

Hi,

I'm setting up a squid proxy to auth against our 2003 ADS.

I have ntlm working so it authenticates both transparently
to the user and using domain\username login.

My problem is getting squid to auth with just the username, not
requiring the domain\ part.

The docs say I need to have winbind use default domain = yes which I do.

With the option set to yes I get

proxyv4# wbinfo -u | grep test99
test99

without the option I get
proxyv4# wbinfo -u | grep test99
AFCT\test99

What am I missing? I didn't configure anything for kerberos because of this line in the samba howto

>With both MIT and Heimdal Kerberos, it is unnecessary to configure the /etc/krb5.conf, and it may be detrimental.

My system hasn't got a krb5.conf at all and I wonder if the lack of said file is causing me to have to
enter the AFCT\test99 format?

Cheers
Steve

FreeBSD 6.4-RELEASE-p5 AMD64
Squid Cache: Version 3.0.STABLE15
Samba Version 3.3.4
Windows 2003 ADS in what appears to be native mode.

smb.conf

[GLOBAL]
workgroup = AFCT
realm = afct.org.au
Server String = AFC Proxy
security = ads
encrypt passwords = yes
winbind use default domain = yes
wins server = 10.1.1.5

Relevant lines in squid for ntlm

auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
Received on Tue Jun 23 2009 - 05:05:58 MDT
