Re: [squid-users] Squid with auth NTLM
Hi,

Yes, the commands wbinfo -g and -u are working perfectly.

My configuration is:

krb5.conf:

    ...
    [libdefaults]
        default_realm = NEXTIT.LOCAL
        dns_lookup_realm = yes
        dns_lookup_kdc = yes

    [realms]
        NEXTIT.LOCAL = {
            kdc = vm-ws2003.nextit.local:88
            admin_server = vm-ws2003.nextit.local:749
            default_domain = NEXTIT
        }

    [domain_realm]
        .nextit.local = NEXTIT.LOCAL
        nextit.local = NEXTIT.LOCAL
    ...

SMB.conf:

    [global]
        workgroup = NEXTIT
        server string = Samba Server
        password server = NameOfServer
        encrypt passwords = yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        realm = NEXTIT.LOCAL
        idmap uid = 1-2
        idmap gid = 1-2
        template shell = /bin/false
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = yes
        client ntlmv2 auth = yes

The Windows Active Directory server is Windows 2003 Server.
The Windows client is Windows XP.

Sincerely
Leandro Ferrari

2007/12/17, Nick Duda [EMAIL PROTECTED]:
> Have you joined your box to the domain?
> What is your krb5.conf file?
> What is your smb.conf file?
> What is the status of something like wbinfo -g or -u ?
>
> I would troubleshoot your domain connectivity before you worry about squid.

RE: [squid-users] Squid with auth NTLM
What's your squid -v?

From: Leandro Ferrrari [mailto:[EMAIL PROTECTED]
Sent: Tue 12/18/2007 5:43 AM
To: Nick Duda
Cc: Amos Jeffries; squid-users@squid-cache.org
Subject: Re: [squid-users] Squid with auth NTLM

> Hi,
>
> Yes, the commands wbinfo -g and -u are working perfectly.
>
> My configuration is:
>
> krb5.conf:
>
>     ...
>     [libdefaults]
>         default_realm = NEXTIT.LOCAL
>         dns_lookup_realm = yes
>         dns_lookup_kdc = yes
>
>     [realms]
>         NEXTIT.LOCAL = {
>             kdc = vm-ws2003.nextit.local:88
>             admin_server = vm-ws2003.nextit.local:749
>             default_domain = NEXTIT
>         }
>
>     [domain_realm]
>         .nextit.local = NEXTIT.LOCAL
>         nextit.local = NEXTIT.LOCAL
>     ...
>
> SMB.conf:
>
>     [global]
>         workgroup = NEXTIT
>         server string = Samba Server
>         password server = NameOfServer
>         encrypt passwords = yes
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         realm = NEXTIT.LOCAL
>         idmap uid = 1-2
>         idmap gid = 1-2
>         template shell = /bin/false
>         winbind enum users = yes
>         winbind enum groups = yes
>         winbind use default domain = yes
>         client ntlmv2 auth = yes
>
> The Windows Active Directory server is Windows 2003 Server.
> The Windows client is Windows XP.
>
> Sincerely
> Leandro Ferrari

Re: [squid-users] Squid with auth NTLM
Squid -v:

    Squid Cache: Version 3.0.STABLE1
    configure options: '-prefix=/usr/local/squid' '-exec-prefix=/usr/local/squid' '-enable-delay-pools' '-enable-cache-digests' '-enable-poll' '-disable-ident-lookups' '-enable-truncate' '-enable-removal-policies' '--enable-follow-x-forwarded-for' '--enable-ssl' '--enable-large-cache-file' '--enable-snmp' '--enable-auth=basic,ntlm' '--enable-basic-auth-helpers=LDAP,MSNT,multi-domain-NTLM' '--enable-digest-auth-helpers=password' '--enable-external-acl-helpers=ip_user,ldap_group' '--enable-removal-policies=heap,lru' '--enable-x-accelerator-vary' '--enable-err-languages=Spanish' 'LDFLAGS=-L/usr/local/BerkeleyDB.4.2/lib'

2007/12/18, Nick Duda [EMAIL PROTECTED]:
> What's your squid -v?

RE: [squid-users] Squid with auth NTLM
Wow, lots of options... I can't speak for your external helper, but I use '--enable-external-acl-helpers=wbinfo_group' with '--enable-auth=ntlm,basic' and it runs peachy.

- Nick

From: Leandro Ferrrari [mailto:[EMAIL PROTECTED]
Sent: Tue 12/18/2007 7:07 AM
To: Nick Duda
Cc: Amos Jeffries; squid-users@squid-cache.org
Subject: Re: [squid-users] Squid with auth NTLM

> Squid -v:
>
>     Squid Cache: Version 3.0.STABLE1
>     configure options: '-prefix=/usr/local/squid' '-exec-prefix=/usr/local/squid' '-enable-delay-pools' '-enable-cache-digests' '-enable-poll' '-disable-ident-lookups' '-enable-truncate' '-enable-removal-policies' '--enable-follow-x-forwarded-for' '--enable-ssl' '--enable-large-cache-file' '--enable-snmp' '--enable-auth=basic,ntlm' '--enable-basic-auth-helpers=LDAP,MSNT,multi-domain-NTLM' '--enable-digest-auth-helpers=password' '--enable-external-acl-helpers=ip_user,ldap_group' '--enable-removal-policies=heap,lru' '--enable-x-accelerator-vary' '--enable-err-languages=Spanish' 'LDFLAGS=-L/usr/local/BerkeleyDB.4.2/lib'

Re: [squid-users] Squid with auth NTLM
Thanks, I am going to compile again, but this parameter '--enable-external-acl-helpers=wbinfo_group' with '--enable-auth=ntlm,basic'

Sincerely,
Leandro Ferrari

2007/12/18, Nick Duda [EMAIL PROTECTED]:
> Wow, lots of options... I can't speak for your external helper, but I use
> '--enable-external-acl-helpers=wbinfo_group' with '--enable-auth=ntlm,basic'
> and it runs peachy.
>
> - Nick

[squid-users] Squid with auth NTLM
I have configured Squid 3.0 with NTLM, and the configuration in squid.conf is:

    auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
    auth_param ntlm children 30
    auth_param ntlm max_challenge_lifetime 2 minutes
    auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours

When I test the NTLM auth in the Explorer client, with a user authenticated in the Windows 2003 Domain Controller, Explorer or Firefox shows the basic auth popup.

How can I use the NTLM auth with a user of the domain group without basic auth?

Sincerely,
Leandro Ferrari

Re: [squid-users] Squid with auth NTLM
> I have configured Squid 3.0 with NTLM, and the configuration in squid.conf is:
>
>     auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
>     auth_param ntlm children 30
>     auth_param ntlm max_challenge_lifetime 2 minutes
>     auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
>     auth_param basic children 5
>     auth_param basic realm Squid proxy-caching web server
>     auth_param basic credentialsttl 2 hours
>
> When I test the NTLM auth in the Explorer client, with a user authenticated
> in the Windows 2003 Domain Controller, Explorer or Firefox shows the basic
> auth popup.
>
> How can I use the NTLM auth with a user of the domain group without basic auth?

Remove the basic configuration to not use it.

Your NTLM is broken by the sound of it if it's always falling back on basic.

Although the login box does not necessarily mean basic is being used. It could just be that the browser has no working credentials for the user to login NTLM with.

Amos

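The distinction drawn in the reply above, between a login popup and an actual fallback to Basic, can be checked from the proxy authentication headers of a captured exchange. The following is an added example, not part of the original thread or of Squid; the function names `classify`, `diagnose` and `ntlm_token` are hypothetical and the sample exchanges are constructed.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
NTLM_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}


def classify(header_value):
    """Return (scheme, detail) for one Proxy-Authenticate/Proxy-Authorization value."""
    scheme, _, token = header_value.strip().partition(" ")
    scheme = scheme.lower()
    if scheme != "ntlm" or not token:
        return (scheme, None)          # Basic credentials are deliberately not decoded
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:                 # binascii.Error is a ValueError subclass
        return ("ntlm", "malformed token")
    if len(raw) < 12 or not raw.startswith(NTLMSSP_SIG):
        return ("ntlm", "malformed token")
    (msg_type,) = struct.unpack_from("<I", raw, 8)   # little-endian type field
    return ("ntlm", NTLM_TYPES.get(msg_type, "unknown type %d" % msg_type))


def diagnose(exchange):
    """exchange: ordered (sender, header_value) pairs; sender is 'proxy' or 'client'."""
    offered, client_steps = [], []
    for sender, value in exchange:
        step = classify(value)
        if sender == "client":
            client_steps.append(step)
        elif step[0] not in offered:
            offered.append(step[0])
    if ("ntlm", "authenticate") in client_steps:
        return "client sent an NTLM authenticate message"
    if any(scheme == "basic" for scheme, _ in client_steps):
        return "client answered with Basic (proxy offered: %s)" % ", ".join(offered)
    if ("ntlm", "negotiate") in client_steps:
        return "client started NTLM but never sent the authenticate message"
    return "client sent no usable credentials"


def ntlm_token(msg_type):
    """Constructed sample token: signature and type field only."""
    return "NTLM " + base64.b64encode(NTLMSSP_SIG + struct.pack("<I", msg_type)).decode()


BASIC_OFFER = 'Basic realm="Squid proxy-caching web server"'
# Constructed exchanges, not captures from the poster's network.
NTLM_OK = [("proxy", "NTLM"), ("proxy", BASIC_OFFER), ("client", ntlm_token(1)),
           ("proxy", ntlm_token(2)), ("client", ntlm_token(3))]
FELL_BACK = [("proxy", "NTLM"), ("proxy", BASIC_OFFER), ("client", "Basic REDACTED")]

if __name__ == "__main__":
    for name, exchange in (("NTLM_OK", NTLM_OK), ("FELL_BACK", FELL_BACK)):
        print(name, "->", diagnose(exchange))
```

An authenticate message only shows that the browser attempted NTLM; whether the helper accepted it still has to be read from the proxy's next response.
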
RE: [squid-users] Squid with auth NTLM
Have you joined your box to the domain?
What is your krb5.conf file?
What is your smb.conf file?
What is the status of something like wbinfo -g or -u ?

I would troubleshoot your domain connectivity before you worry about squid.

-----Original Message-----
From: Amos Jeffries [mailto:[EMAIL PROTECTED]
Sent: Mon 12/17/2007 7:33 PM
To: Leandro Ferrrari
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid with auth NTLM

> > I have configured Squid 3.0 with NTLM, and the configuration in squid.conf is:
> >
> >     auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> >     auth_param ntlm children 30
> >     auth_param ntlm max_challenge_lifetime 2 minutes
> >     auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> >     auth_param basic children 5
> >     auth_param basic realm Squid proxy-caching web server
> >     auth_param basic credentialsttl 2 hours
> >
> > When I test the NTLM auth in the Explorer client, with a user authenticated
> > in the Windows 2003 Domain Controller, Explorer or Firefox shows the basic
> > auth popup.
> >
> > How can I use the NTLM auth with a user of the domain group without basic auth?
>
> Remove the basic configuration to not use it.
>
> Your NTLM is broken by the sound of it if it's always falling back on basic.
>
> Although the login box does not necessarily mean basic is being used. It
> could just be that the browser has no working credentials for the user to
> login NTLM with.
>
> Amos