Re: [squid-users] Squid with auth NTLM

2007-12-18 Thread Leandro Ferrrari
Hi, yes, the commands wbinfo -g and -u are working perfectly. My configuration is:

krb5.conf:
...
[libdefaults]
 default_realm = NEXTIT.LOCAL
 dns_lookup_realm = yes
 dns_lookup_kdc = yes

[realms]
 NEXTIT.LOCAL = {
  kdc = vm-ws2003.nextit.local:88
  admin_server = vm-ws2003.nextit.local:749
  default_domain = NEXTIT
 }

[domain_realm]
 .nextit.local = NEXTIT.LOCAL
 nextit.local = NEXTIT.LOCAL
...

SMB.conf:

[global]
   workgroup = NEXTIT
   server string = Samba Server
   password server = NameOfServer
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   realm = NEXTIT.LOCAL
   idmap uid = 1-2
   idmap gid = 1-2
   template shell = /bin/false
   winbind enum users = yes
   winbind enum groups = yes
   winbind use default domain = yes
   client ntlmv2 auth = yes


The Windows Active Directory server is Windows 2003 Server.
The Windows client is Windows XP.

Sincerely
Leandro Ferrari









RE: [squid-users] Squid with auth NTLM

2007-12-18 Thread Nick Duda
What's your squid -v?










Re: [squid-users] Squid with auth NTLM

2007-12-18 Thread Leandro Ferrrari
Squid -v:

Squid Cache: Version 3.0.STABLE1
configure options:  '-prefix=/usr/local/squid'
'-exec-prefix=/usr/local/squid' '-enable-delay-pools'
'-enable-cache-digests' '-enable-poll' '-disable-ident-lookups'
'-enable-truncate' '-enable-removal-policies'
'--enable-follow-x-forwarded-for' '--enable-ssl'
'--enable-large-cache-file' '--enable-snmp' '--enable-auth=basic,ntlm'
'--enable-basic-auth-helpers=LDAP,MSNT,multi-domain-NTLM'
'--enable-digest-auth-helpers=password'
'--enable-external-acl-helpers=ip_user,ldap_group'
'--enable-removal-policies=heap,lru' '--enable-x-accelerator-vary'
'--enable-err-languages=Spanish'
'LDFLAGS=-L/usr/local/BerkeleyDB.4.2/lib'

 
 
 





RE: [squid-users] Squid with auth NTLM

2007-12-18 Thread Nick Duda
Wow, lots of options... I can't speak for your external helper, but I use
'--enable-external-acl-helpers=wbinfo_group' with '--enable-auth=ntlm,basic'
and it runs peachy.
 
- Nick



 
 
 







Re: [squid-users] Squid with auth NTLM

2007-12-18 Thread Leandro Ferrrari
Thanks, I am going to compile again, but with this parameter:
'--enable-external-acl-helpers=wbinfo_group' with
'--enable-auth=ntlm,basic'

Sincerely,
Leandro Ferrari

  
  
  
 
 
 





Re: [squid-users] Squid with auth NTLM

2007-12-17 Thread Amos Jeffries
 I have configured squid 3.0 with NTLM, and the configuration in
 squid.conf is:

 auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
 auth_param ntlm children 30
 auth_param ntlm max_challenge_lifetime 2 minutes

 auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
 auth_param basic children 5
 auth_param basic realm Squid proxy-caching web server
 auth_param basic credentialsttl 2 hours

 When I test the NTLM auth in the Explorer client with a user
 authenticated in the Windows 2003 Domain Controller, Explorer or
 Firefox shows the popup of the basic auth.
 How do I use the NTLM auth with a user of the domain group without basic
 auth?

Remove the basic configuration to not use it.
Your NTLM is broken, by the sound of it, if it's always falling back on basic.
Although the login box does not necessarily mean basic is being used. It
could just be that the browser has no working credentials for the user to
log in to NTLM with.


Amos
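
Whether a login box means Basic was actually used can be read from the proxy auth headers. The following is an added example, not part of the thread and not Squid or Samba code: it classifies `Proxy-Authenticate` / `Proxy-Authorization` values from a trace and reports which scheme the browser really sent. The function names and the three sample traces are constructed for illustration.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
NTLM_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}


def classify(value):
    """Return (scheme, kind) for one Proxy-Authenticate/Proxy-Authorization value."""
    scheme, _, blob = value.strip().partition(" ")
    scheme, blob = scheme.lower(), blob.strip()
    if scheme == "basic":
        # A 407 carries realm="..."; a request carries base64(user:password).
        return scheme, "offer" if blob.lower().startswith("realm=") else "credentials"
    if scheme != "ntlm":
        return scheme, "other"
    if not blob:
        return scheme, "offer"  # bare "NTLM" in a 407 advertises the scheme
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:
        return scheme, "malformed"
    if len(raw) < 12 or not raw.startswith(NTLMSSP_SIG):
        return scheme, "malformed"
    (msg_type,) = struct.unpack_from("<I", raw, 8)  # little-endian type field
    return scheme, NTLM_TYPES.get(msg_type, "unknown")


def diagnose(exchange):
    """exchange: (direction, header value) pairs in wire order; 'S' = proxy, 'C' = browser."""
    offered, sent = [], []
    for direction, value in exchange:
        scheme, kind = classify(value)
        if direction == "S" and kind == "offer" and scheme not in offered:
            offered.append(scheme)
        elif direction == "C":
            sent.append((scheme, kind))
    if ("ntlm", "authenticate") in sent:
        verdict = "ntlm"              # handshake reached the type 3 message
    elif ("basic", "credentials") in sent:
        verdict = "basic"             # browser fell back to Basic
    elif ("ntlm", "negotiate") in sent:
        verdict = "ntlm-incomplete"   # type 1 sent, never answered with type 3
    else:
        verdict = "no-credentials"    # prompt shown, nothing sent yet
    return {"offered": offered, "verdict": verdict}


def ntlm_msg(msg_type):
    """Constructed minimal NTLMSSP header: signature, type, 4 filler bytes."""
    body = NTLMSSP_SIG + struct.pack("<II", msg_type, 0)
    return "NTLM " + base64.b64encode(body).decode()


# Constructed sample traces, not captured from the systems in this thread.
OFFERS = [("S", "NTLM"), ("S", 'Basic realm="Squid proxy-caching web server"')]
NTLM_OK = OFFERS + [("C", ntlm_msg(1)), ("S", ntlm_msg(2)), ("C", ntlm_msg(3))]
FELL_BACK = OFFERS + [("C", "Basic " + base64.b64encode(b"user:password").decode())]
PROMPT_ONLY = list(OFFERS)

if __name__ == "__main__":
    for name, trace in [("ntlm_ok", NTLM_OK), ("fell_back", FELL_BACK),
                        ("prompt_only", PROMPT_ONLY)]:
        print(name, diagnose(trace))
```
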



RE: [squid-users] Squid with auth NTLM

2007-12-17 Thread Nick Duda
Have you joined your box to the domain? What is your krb5.conf file? What is
your smb.conf file? What is the status of something like wbinfo -g or -u?

I would troubleshoot your domain connectivity before you worry about squid.

