Hello,
I've set up a Fedora Core 3 box with Squid. Now I want Squid to use
ntlm_auth with the Windows 2000 Active Directory users and
passwords.
My smb.conf looks like this:
[global]
realm = Heumann.local
workgroup = Heumann
server string = Samba Server
printcap name = /etc/printcap
load printers = yes
cups options = raw
log file = /var/log/samba/%m.log
max log size = 50
security = ADS
password server = 192.168.15.15
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/false
winbind use default domain = no
The krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = HEUMANN.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
HEUMANN.LOCAL = {
kdc = 192.168.15.15:88
admin_server = 192.168.15.15:749
default_domain = HEUMANN.LOCAL
}
[domain_realm]
.heumann.local = HEUMANN.LOCAL
heumann.local = HEUMANN.LOCAL
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
And the squid.conf:
...
auth_param ntlm program /usr/lib/squid/ntlm_auth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/lib/squid/ntlm_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl AuthorizedUsers proxy_auth REQUIRED
http_access allow all AuthorizedUsers
....
Now I get the following error in the cache.log:
>You must specify at least one domain-controller!
>(ntlm_auth) usage:
>(ntlm_auth) [-b] [-f] [-d] [-l] domain\controller [domain\controller ...]
>-b enables load-balancing among controllers
>-f enables failover among controllers (DEPRECATED and always active)
>-l changes behavior on domain controller failyures to last-ditch.
>-d enables debugging statements if DEBUG was defined at build-time.
But if I add heumann\win2kserv after the ntlm_auth in the squid.conf, it
doesn't work.
wbinfo -u works fine.
Please help me.
With best regards Peter213
Received on Mon Apr 18 2005 - 12:19:24 MDT