[squid-users] Re: Constant Login Prompt for NTLM Auth against Samba PDC

2008-11-05 Thread Adam McCarthy
I figured it out to a point:

I had this config, which worked on another setup:

#Samba PDC Auth
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm children 40
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 40
auth_param basic realm Cache NTLM Authentication
auth_param basic credentialsttl 2 hours

Though this setup now works:
auth_param ntlm program /usr/lib/squid/ntlm_auth 01Networks/Debian-PDC
auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes


The reason I have two lines commented out on each is because even
though tons of sites claim to use max_challenge, they always error
out. Did something change?


On Wed, Nov 5, 2008 at 12:50 AM, Adam McCarthy
<[EMAIL PROTECTED]> wrote:
> I currently have a Samba 3 PDC.
>
> Everything seems to work, except IE/Firefox both bring up a prompt for
> username and password.
>
> I'm using the exact same config files from another setup that worked fine.
>
> You for some reason can't type in just the username and password, like
> you would think.
>
> For example, my workgroup is 01Networks, and even though the XP Pro
> machine is logged in successfully with that same name, unless I type in
>
> 01Networks/adam and password, the prompts never go away.
>
> After I type those in they work.
>
> Why is this setup acting strange after a previous setup done exactly
> the same way works fine?
>
> Also, why would I be required to put in my Domain/User instead of just
> User when normally I only ever needed User?
>
> Also normally IE/Firefox just sent out my info.
>


[squid-users] Constant Login Prompt for NTLM Auth against Samba PDC

2008-11-04 Thread Adam McCarthy
I currently have a Samba 3 PDC.

Everything seems to work, except IE/Firefox both bring up a prompt for
username and password.

I'm using the exact same config files from another setup that worked fine.

You for some reason can't type in just the username and password, like
you would think.

For example, my workgroup is 01Networks, and even though the XP Pro
machine is logged in successfully with that same name, unless I type in

01Networks/adam and password, the prompts never go away.

After I type those in they work.

Why is this setup acting strange after a previous setup done exactly
the same way works fine?

Also, why would I be required to put in my Domain/User instead of just
User when normally I only ever needed User?

Also normally IE/Firefox just sent out my info.


[squid-users] NTLM Authentication working against Samba 3 PDC, except for random login prompts

2008-11-03 Thread Adam McCarthy
I have Squid 2.7 authenticating against a Samba 3 PDC.

All seems to work well and Squid definitely is able to tell what
username is browsing what site.

My only problem is, every now and then, while browsing, it will work,
then suddenly Firefox, apparently because of Squid, will ask for the
username and password, then it all works well again, until the prompt
randomly shows up again.

Also, if you are browsing as a "limited" user, or just a proxy_auth
user that has sites blocked, can you somehow temporarily login to
Squid as another user, but then immediately when done, have it go back
to the regular user. Almost like Windows' RunAs function.


[squid-users] ACLs based on users based on Samba PDC?

2008-11-01 Thread Adam McCarthy
After much fussing, I seem to have a working Squid 2.6 working against
a Samba 3 PDC.

My only question is now, can I say, ok, if you find my username, give
it complete access.

Then perhaps, if it sees user, "bob" perhaps, then it says, only give
them windowsupdate.microsoft.com.

Then if it sees user "tony", perhaps, only give it, www.tony.com.

Can I do all of these Internet limiting features?
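
An added example, not part of the original post: one way to express the per-user limits asked about above in squid.conf. The ACL names are hypothetical, the `all` ACL is assumed to be defined as in the stock squid.conf, and each user name must match what the auth helper reports in access.log, which may include the domain prefix.

```conf
# Constructed example. User names and sites are the ones named in the post;
# ACL names (authed, user_*, wu_site, tony_site) are hypothetical.

# Any successfully authenticated user
acl authed    proxy_auth REQUIRED

# One ACL per user, spelled exactly as the helper reports the name
acl user_adam proxy_auth adam
acl user_bob  proxy_auth bob
acl user_tony proxy_auth tony

# Destinations each restricted user may reach
acl wu_site   dstdomain windowsupdate.microsoft.com
acl tony_site dstdomain www.tony.com

# http_access lines are checked top to bottom and the first match wins;
# ACLs on the same line are ANDed.
http_access deny  !authed              # unauthenticated requests get the challenge
http_access allow user_adam            # adam: complete access
http_access allow user_bob  wu_site    # bob: Windows Update only
http_access allow user_tony tony_site  # tony: www.tony.com only

# Final rule ends in `all` rather than a proxy_auth ACL, so a blocked
# request gets an access-denied page instead of a fresh login prompt.
http_access deny all
```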


Re: [squid-users] Authentication between Samba 3 and Squid

2008-10-30 Thread Adam McCarthy
What I meant was, I understand how it should be the same, what I mean
is, I can't seem to find a working guide to get either an AD domain or
a Samba3 domain. I guess it's mainly Samba that I am confused about
configuring to work properly for Squid, but I can't seem to find an
overall guide to get it all working. I have tried ones that claim to
be for Windows controllers and always got stuff like:

"Host not configured to be member server" or similar.

Then net join says about not being able to get trust password.

So I'm completely stuck.

On Thu, Oct 30, 2008 at 4:04 AM, Kinkie <[EMAIL PROTECTED]> wrote:
> On Wed, Oct 29, 2008 at 11:18 PM, Adam McCarthy
> <[EMAIL PROTECTED]> wrote:
>> Alright, but is there any good source on a Samba 3 + Squid 2.7 +
>> Firefox/IE. I have tried tons at Google, and many are just flat out
>> outdated and others just don't seem to work right, no matter how many
>> times I double check my steps.
>
> I'm really having trouble understanding what kind of issue you're having:
> a Samba3-run domain should be the same as a Microsoft-run domain.
> Maybe it'd be easier to look at this the other way around: can you
> post the relevant configuration sections?
> What would be needed is excerpts from:
> - Samba on the DC
> - Samba on the proxy
> - Squid on the proxy
>
> --
>/kinkie
>


Re: [squid-users] Authentication between Samba 3 and Squid

2008-10-29 Thread Adam McCarthy
Alright, but is there any good source on a Samba 3 + Squid 2.7 +
Firefox/IE. I have tried tons at Google, and many are just flat out
outdated and others just don't seem to work right, no matter how many
times I double check my steps.

On Tue, Oct 28, 2008 at 4:16 PM, Kinkie <[EMAIL PROTECTED]> wrote:
> On Tue, Oct 28, 2008 at 6:24 PM, Adam McCarthy
> <[EMAIL PROTECTED]> wrote:
>> Alright, but how are you to make sure the proxy was part of the
>> domain? I mean is that why people run Samba on the same machine as the
>> proxy to do that?
>
> Yes.
> The minimum requirement is to have winbindd running on the proxy and
> joined to the domain. Really, there should be no difference in the
> proxy setup between a MSAD-backed Windows domain and a Samba-backed
> domain.
>
> --
>/kinkie
>


[squid-users] Authentication between Samba 3 and Squid

2008-10-28 Thread Adam McCarthy
I am trying to find a way to authenticate Squid usage against my Samba 3 PDC.

I have looked all over Google, but they all end up pointing to Active
Directory or just using Samba to point to an AD server.

I do not have any AD server at all; on my network Samba 3 is king.

Is there any set of instructions somewhere that does not use AD at all?


[squid-users] Is there a minimalistic squid.conf anywhere?

2008-09-22 Thread Adam McCarthy
I know that Squid has example.conf but that basically has every option
available. I was wondering if anyone has a squid.conf that has only
the options needed, so that it would make an easier to manage config
but also a more secure squid by not having everything turned on that
doesn't need to be turned on.


[squid-users] Fine Tuning ACLs to only make certain IPs jailed/restricted to certain sites?

2008-09-17 Thread Adam McCarthy
I already have my squid so that it will deny users access to any site
unless it's one of three specified.

My question is, now, in this example, how would I tell Squid, to say
only restrict say 192.168.0.120-192.168.0.125 to those 3 sites?

acl localnet src 192.168.0.0/16
acl AllowedSites dstdom_regex "/etc/squid/allowed-sites"
http_access allow AllowedSites
http_access deny !AllowedSites
http_access allow localnet
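
An added example, not part of the original post: with the rules as posted, `http_access deny !AllowedSites` matches every client before `allow localnet` is reached, so the whole network is limited to the three sites. Scoping the deny to a source range restricts only those addresses; the ACL name `jailed` is hypothetical and the `all` ACL is assumed to be defined as in the stock squid.conf.

```conf
# Constructed example built from the ACLs in the post.
acl localnet     src 192.168.0.0/16
acl AllowedSites dstdom_regex "/etc/squid/allowed-sites"

# Address range taken from the question; `jailed` is a hypothetical name.
acl jailed       src 192.168.0.120-192.168.0.125

# First match wins, ACLs on one line are ANDed:
#   192.168.0.121 -> site not in the list : rule 1 matches, denied
#   192.168.0.121 -> site in the list     : rule 1 skipped, rule 2 allows
#   192.168.0.50  -> any site             : rule 1 skipped, rule 2 allows
http_access deny  jailed !AllowedSites
http_access allow localnet
http_access deny  all
```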


[squid-users] 127.0.0.1 TCP_DENIED FreeBSD

2006-03-25 Thread Adam McCarthy
Ok, this is how I have my squid setup.

acl localhost src 127.0.0.1/255.255.255.255
http_access allow manager localhost

But no matter what I do, when I try to use Dansguardian, I always get this
kind of error.

1143251579.763 37 127.0.0.1 TCP_DENIED/403 1346 GET http://www.aol.com/

I have tried everything but no matter what it just doesn't
let 127.0.0.1 access anything.

I am trying to setup DansGuardian to use Squid then Squid use Privoxy. I can
use Squid and Privoxy working nicely because Squid allows
192.168.*.* addresses but not 127.0.0.1.

--
Microsoft sent me an email stating.

"We have been informed that you have 10 machines, in which only two
are running Windows. If this does not change, we will contact your ISP
and have you shutdown. Thank you, and we apologize for any
inconvenience."