RE: [squid-users] NTLM authentication insquid

From: Information Security <InfoSec@dont-contact.us>
Date: Tue, 3 Oct 2006 09:15:09 +0530

1. I have abandoned FC5. I got squid (with user authentication) started
on Ubuntu Server.

2. Is LDAP_auth_group different from squid_ldap_group?
Squid_ldap_group and ldap_auth did not work for me... :(
Most pointers from google did not help...

Regards,
Navin J.

-----Original Message-----
From: Janco van der Merwe [mailto:jvdmerwe@dunns.co.za]
Sent: Monday, October 02, 2006 11:19 AM
To: Information Security; squid-users@squid-cache.org
Subject: RE: [squid-users] NTLM authentication insquid

Well I'm not sure on FC 5 but on FC 4 it does. Try it and get back to
me. To configure the /etc/krb5.conf is quite straight forward open the
edit the file and you'll see what I mean otherwise if you don't know how
let me know and I'll send you copy of my file. Out of interest sake why
use NTLM authentication when you can use the squid helper
LDAP_group_auth?

Janco v.d Merwe
Network Administrator
Dunns Stores (PTY) Ltd
Switchboard: 011 541 3000
Direct: 011 541 3007
Fax: 086 632 1708

-----Original Message-----
From: Information Security [mailto:InfoSec@adventity.com]
Sent: 29 September, 2006 17:52
To: Janco van der Merwe;squid-users@squid-cache.org
Subject: RE: [squid-users] NTLM authentication insquid

I want to configure squid for user based filtering. I had infact tried
configuring squid without actually adding this machine onto the domain.
But then squid access.log does not show up the usernames (which it does
in my RHEL squid setup).
Would it solve the purpose of user based filtering in this scenario? If
there is a way I can go ahead with it. Kindly guide...

Regards,
Navin J.

-----Original Message-----
From: Janco van der Merwe [mailto:jvdmerwe@dunns.co.za]
Sent: Friday, September 29, 2006 8:53 PM
To: Information Security; squid-users@squid-cache.org
Subject: RE: [squid-users] NTLM authentication insquid

Why do you want to join the machine to the domain? What we did was to
configure /etc/krb5.conf to your Domain specifications and that way you
don't have to go through the pain staking effort of joining a Linux
machine to a MS Domain. In any case both Linux and Windows are Kerberos
compliant.

Janco v.d Merwe
Network Administrator
Dunns Stores (PTY) Ltd
Switchboard: 011 541 3000
Direct: 011 541 3007
Fax: 086 632 1708

-----Original Message-----
From: Information Security [mailto:InfoSec@adventity.com]
Sent: 29 September, 2006 16:39
To: squid-users@squid-cache.org
Subject: [squid-users] NTLM authentication insquid

Hello,

I am trying to configure NTLM authentication in squid. The squid server
would authenticate users with win2K3 ADS.

I had previously successfully done this with RHEL4. Currently I am
trying on Fedora Core 5, but I am facing a lot of problem this time...
the Linux machine simply does not join the domain.

Authconfig-tui gives me the following error at the end of it:

[2006/09/29 19:50:21, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Transport endpoint is not connected
[2006/09/29 19:50:21, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from
server MYSERVER.CORP.MYCOMPANY.COM for domain MYDOMAIN.
[2006/09/29 19:50:21, 0] utils/net_rpc_join.c:net_rpc_join_ok(61)
  Error connecting to NETLOGON pipe. Error was
NT_STATUS_NO_TRUST_SAM_ACCOUNT
Unable to join domain MYDOMAIN.

Net join ads -U <AdminUserID> gives me the following error:
[2006/09/29 19:52:21, 0] param/loadparm.c:map_parameter(2647)
  Unknown parameter encountered: "winbind seperator"
[2006/09/29 19:52:21, 0] param/loadparm.c:lp_do_parameter(3398)
  Ignoring unknown parameter "winbind seperator"
<AdminUserID>'s password:
[2006/09/29 19:52:25, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Transport endpoint is not connected

Unable to find a suitable server

Unable to find a suitable server

Can someone help me out?

Navin J.

Disclaimer: Information transmitted by this e-mail is proprietary to
Adventity and/ or its Customers, intended for use only by the individual
or entity to which it is addressed, and may contain information that is
privileged, confidential or exempt from disclosure under applicable law.
If you are not the intended recipient or it appears that this mail has
been forwarded to you without proper authority, you are notified that
any use or dissemination of this information in any manner is strictly
prohibited. In such cases, please notify us immediately at
postmaster@adventity.com and delete this mail from your records.

________________________________________________________________________
____
This communication and any attachments are confidential and intended for
the sole use of the
intended recipient. Any form of copying or disclosure of this
communication to any third parties
without permission is prohibited. The contents of this communication
and its attachments are
not intended to be relied upon in law without subsequent written
confirmation. As such, Dunns
Stores (Pty) Ltd accept no responsibility or liability (including
negligence) for the consequences
of anyone acting, or not acting, on information contained therein.

If you have received this communication in error please notify us
immediately and destroy or
delete it.
________________________________________________________________________
____

Disclaimer: Information transmitted by this e-mail is proprietary to
Adventity and/ or its Customers, intended for use only by the individual
or entity to which it is addressed, and may contain information that is
privileged, confidential or exempt from disclosure under applicable law.
If you are not the intended recipient or it appears that this mail has
been forwarded to you without proper authority, you are notified that
any use or dissemination of this information in any manner is strictly
prohibited. In such cases, please notify us immediately at
postmaster@adventity.com and delete this mail from your records.

________________________________________________________________________
____
This communication and any attachments are confidential and intended for
the sole use of the
intended recipient. Any form of copying or disclosure of this
communication to any third parties
without permission is prohibited. The contents of this communication
and its attachments are
not intended to be relied upon in law without subsequent written
confirmation. As such, Dunns
Stores (Pty) Ltd accept no responsibility or liability (including
negligence) for the consequences
of anyone acting, or not acting, on information contained therein.

If you have received this communication in error please notify us
immediately and destroy or
delete it.
________________________________________________________________________
____

Disclaimer: Information transmitted by this e-mail is proprietary to Adventity and/ or its Customers, intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please notify us immediately at postmaster@adventity.com and delete this mail from your records.
Received on Mon Oct 02 2006 - 21:43:05 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:04 MST