RE: [squid-users] Popup login and password box with Winbind authenticators

From: Alex Short <alex@dont-contact.us>
Date: Mon, 23 Sep 2002 15:34:49 -0400 (EDT)

Squid.conf
auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

msntauth.conf
server PDC BDC DOMAIN

denyusers /usr/local/squid/etc/denyusers
allowusers /usr/local/squid/etc/allowusers

(I didn't even bother creating these files)

Also need to have in /etc/hosts
 
ip.of.bdc BDC
ip.of.pdc PDC

*shrug*, maybe take a look at the cache.log file upon restart to see what kind of
error/other messages you get.

Alex

I think that's most of the setup I have.
> Hmmm. I haven't seen a reference to that anywhere. I assume it goes in
> <squidpath/etc ...
> It's there now.
> No change. Is that line the only entry that is entered in that file?
>
> -----Original Message-----
> From: Alex Short [mailto:alex@short.net]
> Sent: Monday, September 23, 2002 2:34 PM
> To: Paul Norris
> Cc: 'squid-users@squid-cache.org'
> Subject: Re: [squid-users] Popup login and password box with Winbind
> authenticators
>
>
> Hrm.. attempt two
>
> Do you have an msntauth.conf with
> server <PDC> <BDC> <DOMAIN>
>
> ?
>
> Alex
> > Greetings again list...
> > I am attempting to get Squid to authenticate usernames against our
> > corporate windows 2k AD. So far I have had much luck, but the last
> > step is beyond my abilities to resolve. Squid will always request the
> > login and password box when IE is launched. Upon typing in the
> > username and pass, the user is free to exist within the bounds of the
> > ACL's. However, I would very much like IE to use NTLM and not ask.
> > I have tried to follow the FAQ as closely as possible...
> >
> > Using:
> > Samba 2.2.6pre2
> > Squid2.5pre12
> > IE 6
> > Win2k SP3
> >
> > All of the samba parts seem to work fine. I can authenticate in
> > cleartext and encrypted. Shared secret is fine, and I can retrieve
> > lists of users and groups. The usernames incidentally don't have spaces.
> > There is one deviation from the FAQ I have noticed however. When I
> > use wbinfo -u or -g, there is no Domain\username it is only in Username
> > form. The winbind separator is \, but it just doesn't show up. If I just
> > enter wbinfo -a username%password it will authenticate anyone on the
> > domain properly, so I don't think that is the problem. Also, once I manually
> > authenticate it just lists Username in the auth.log. I have seen a couple
> > threads about IE6 causing problems, but I have enabled NTLM in the
> > browser.
> >
> > I am royally stumped on this one. Any help that can be provided is
> > greatly appreciated.
> >
> > --------------------------------------------
> > Paul Norris IT Department Technician
> > Cunningham Field & Research Service, Inc.
> > (386) 677-5644 ext. 216
> > paulnorris@cunninghamresearch.com
> >
Received on Mon Sep 23 2002 - 14:13:57 MDT
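
Alex's message says the PDC and BDC named on the msntauth.conf `server` line also need entries in /etc/hosts. The following check for that is an added example, not code from the thread or from Squid; the function names are hypothetical, the file contents are constructed samples, and treating `#` as a comment marker in msntauth.conf is an assumption.

```python
# Constructed sample inputs (placeholder names, documentation-range address).
MSNTAUTH_CONF = """\
server PDC BDC DOMAIN

denyusers /usr/local/squid/etc/denyusers
allowusers /usr/local/squid/etc/allowusers
"""

HOSTS = """\
127.0.0.1   localhost
192.0.2.10  PDC    # constructed entry; BDC deliberately left out
"""

def strip_comment(line):
    # Assumption: everything after '#' is a comment in both files.
    return line.split("#", 1)[0].strip()

def parse_servers(conf_text):
    """Return a (pdc, bdc, domain) tuple for each 'server' line."""
    servers = []
    for raw in conf_text.splitlines():
        fields = strip_comment(raw).split()
        if fields and fields[0].lower() == "server":
            if len(fields) != 4:
                raise ValueError(f"malformed server line: {raw!r}")
            servers.append(tuple(fields[1:]))
    return servers

def parse_hosts(hosts_text):
    """Return the lower-cased host names defined in hosts-file text."""
    names = set()
    for raw in hosts_text.splitlines():
        fields = strip_comment(raw).split()
        if len(fields) >= 2:          # address followed by one or more names
            names.update(name.lower() for name in fields[1:])
    return names

def missing_hosts(conf_text, hosts_text):
    """List PDC/BDC names from the config that have no hosts-file entry."""
    known = parse_hosts(hosts_text)
    missing = []
    for pdc, bdc, _domain in parse_servers(conf_text):
        missing += [name for name in (pdc, bdc) if name.lower() not in known]
    return missing

if __name__ == "__main__":
    print("servers without a hosts entry:", missing_hosts(MSNTAUTH_CONF, HOSTS))
```
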
