But just for the record.... None of the Windows policy changes should be necessary with properly configured Samba3 w/AD/Kerberos and current squid.
I wouldn't want the impression that Squid requires lowering the security settings(perceived or real) from the Windows defaults for Squid to take root. That alone could prevent squid from even be considered in some environments. Jerry ----- Original Message ----- From: "Charlie Grosvenor" <[EMAIL PROTECTED]> To: "Adam Aube" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, September 10, 2004 6:26 AM Subject: RE: [squid-users] RE: Windows 2003 Strangeness > Yep you are correct the syntax is wrong for the samba 3 ntlm_auth helper. I > have just realized that I am still using the squid ntlm_auth helper, I did > think I switched to the samba one, I know I set winbind up. > > Anyway the solution to my problem with windows 2003 was: > > "Change LOCAL machine security policy to: > > Microsoft Network Server: Digitally Sign Communications (Always) Enabled to > DISABLED Network Security: LAN Manager Authentication Level (not configured) > to Send LM & NTLM - User NTLMv2 If Negotiated" > > Thank you > > -----Original Message----- > From: Adam Aube [mailto:[EMAIL PROTECTED] > Sent: 10 September 2004 03:39 > To: [EMAIL PROTECTED] > Subject: [squid-users] RE: Windows 2003 Strangeness > > Charlie Grosvenor wrote: > > > Squid.conf: > > > > auth_param ntlm program /usr/bin/ntlm_auth domain/domaincontroller > > > > I am using the NTLM_AUTH binary that comes with samba v3. > > I'm amazed it works at all - that is the wrong syntax for the Samba 3 > ntlm_auth helper. The correct syntax is (all one line): > > auth_param ntlm program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-ntlmssp > > This is in the Authentication FAQ: > > http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5 > > Adam
