search for: auth_param

...it did (improperly) popup a login window. The squid.conf files were almost identical - even to the point where my working test site incorrectly had my customer's visible hostname. But on (much) closer examination - this is an extract from the problem squid.conf: . . (From the template) . #auth_param basic program <uncomment and complete this line> auth_param basic children 5 #auth_param basic realm Squid proxy-caching web server #auth_param basic credentialsttl 2 hours auth_param basic casesensitive off # Customer specific configs auth_param ntlm program /usr/local/samba/bin/ntlm_auth...

Hi, We are running Squid version: 2.5.STABLE13 and Samba version: Version 3.0.21b We have it setup to use NTLM to check that the user belongs to a group within the domain. The need has arrisen to be able to support multiple groups. Is this possible? Our squid.conf section: auth_param ntlm program /ntlm_auth.sh ntlmssp auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param ntlm children 20 auth_param ntlm use_ntlm_negotiate on auth_param basic program /ntlm_auth.sh basic auth_param basic children 20 auth_param basic realm SERVER.DOMAIN...

...e samba AD as the user authentication of squid. I use the following configuration in squid. The users without workstation limitation can successfully authenticate to squid, but the user with workstation limitation cannot. ############################ squid.conf Start ############################# auth_param ntlm program /usr/bin/ntlm_auth3 --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 auth_param ntlm keep_alive on auth_param basic program /usr/bin/ntlm_auth3 --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Welcome to proxy! auth_param basi...

Hello to all, I'm having problem using this enviroment: Squid 2.7.STABLE7 Samba 3.4.7 Squid.conf auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm keep_alive on auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param...

Hi, I am running squid and samba to auth users against a 2003 domain. My squid setup is something like this: auth_param ntlm program /usr/local/libexec/squid/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param ntlm children 2 auth_param basic program /usr/local/libexec/squid/ntlm_auth --helper-protocol=squid-2.5-basic aut...

...ind uid = 10000-20000 winbind gid = 10000-20000 winbind use default domain = yes winbind enum users = yes winbind enum groups = yes syslog = 0 #log level = 1 log level = 3 passdb:5 auth:10 winbind:5 log file = /var/log/samba/%m.log max log size = 50 squid.conf ##Autenticacion # NTLM auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=MYDOMINIO auth_param ntlm children 20 auth_param ntlm keep_alive on # NTLM basic auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --domain=MYDOMINIO auth_param ntlm children 20 auth_param...

Hi, I have posted the following message to Squid-Users forum ( squid-users at lists.squid-cache.org). "I have migrated of Samba 4.2.1 to Samba 4.6.3 as DC, but now my Squid authentication doesn't work. In samba 4.2.1 is working properly. This is my authentication block: auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b DC=empresa,DC=com,DC=br -D CN=proxy,CN=Users,DC=empresa,DC=com,DC=br -w password -h 192.168.10.4 -p 389 -s sub -v 3 -f "sAMAccountName=%s" auth_param basic children 50 auth_param basic realm Access Monitored auth_param basic credentialst...

Hi! I upgraded DC2 and DC3, i will upgrade DC1,, but i will wait In DC3 dont correct message... :-| In DC2/DC3 new msg in syslog many messages equal to this in syslog: May 18 11:50:43 DC3 samba: conn[named_pipe] c[unix:] s[unix:/opt/samba/var/run/ncalrpc/np/netlogon] server_id[2157][2157]:   schannel_check_required: [LOJA09A] is not using schannel What this it is ? Regards On

...username that doesn't exist, it complains that the username is invalid, so we know that it has todo with the password. We also know that the password is correct as we tried this numerous times and we also tried copy pasting the password into the required field. Our squid.conf looks like this: auth_param ntlm program /usr/local/libexec/squid/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -d9 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param ntlm children 2 auth_param basic program /usr/local/libexec/squid/ntlm_auth --helper-protocol=squid-2.5-basic -d...

On Fri, 2018-09-07 at 20:14 +0200, Luca Olivetti via samba wrote: > El 7/9/18 a les 17:59, Marco Gaiarin via samba ha escrit: > > > It is better to install squid/freeradius in the same host of a DC, or > > don't bother at all so they can be installed also on a DM? > > I don't know if it's better but I'm running freeradius with ntlm_auth on > a

...Running /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp returns output I don't understand, but the Squid FAQ says you can't really test this one by hand anyway. This all suggests Samba is good. Here are the relevant lines from /usr/local/etc/squid.conf . . . # TAG: auth_param # This is used to define parameters for the various authentication # schemes supported by Squid. # # format: auth_param scheme parameter [setting] # # The order in which authentication schemes are presented to the client is . . . auth_param basic children 5 #a...

...should still need to enter their username and password, I just dont want for them to have to enter the domain. Ive mucked around with this for a few days and cant seem to make it work. My smb.conf has winbind use default domain = yes Ive tried adding the --domain=[mydomainnamehere] option to my auth_param line in my squid.conf and it doesnt seem to make any difference to the behaviour. What I would like to know is what im trying to do even possible? If so, can anyone suggest where I should be looking to make it work? squid.conf lines look like: auth_param ntlm program /usr/bin/ntlm_auth --helper-p...

...ocol returns what looks like a line that should be going to a log file and then a "BH". Any time that I add the --require-membership parameter to the ntlm_auth line in my squid.conf file it fails every time. Below are the config lines I'm using: # Experimental Domain Authentication auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=MERCURY\WebAccess auth_param ntlm children 30 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-...

...e. Squid configured with: Squid Cache: Version 2.5.STABLE4 configure options: --enable-async-io --enable-storeio=ufs,aufs --enable-auth=ntlm,basic --enable-removal-policies --enable-cache-digests --enable-kill-parent-hack --disable-ident-lookups authentication in squid.conf configured as: auth_param ntlm program /usr/local/samba/bin/ntlm_auth -d 10 --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes # auth_param basic program /usr/local/samba/bin/ntlm_auth -d 10 --helper-protocol=squid-2.5-basi...

...export KRB5_KTNAME=FILE:/etc/squid/HTTP-$(hostname -s).keytab net ads keytab ADD HTTP/$(hostname -f) chmod 640 krb5-squid-HTTP-$(hostname -s).keytab chown root:proxy krb5-squid-HTTP-$(hostname -s).keytab And use this for the squid authentication. ### Negotiate (Kerberos and NTLM) authentication auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \ --kerberos /usr/lib/squid/negotiate_kerberos_auth -k /etc/squid/krb5-squid-HTTP-CHANGE_To_HOSTNAME-S_HERE.keytab \ -s HTTP/HTTP-CHANGE_TO_HOSTNAME-S_HERE at REALM \ --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domai...

...ler by YAST) I have set up squid, samba, got the winbind to work great Wbinfo -t, -u, -g all work great Squid also worked great until I tried to tie in NTLM_Auth If I authenticate using /usr/bin/ntlm_auth --username=administrator It authenticates perfectly. I have this in my squid.conf auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 45 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 a...

...mgr myemail at mydomain.com.ve http_port 3128 cache_mem 128 MB cache_dir ufs /var/spool/squid3 200 16 256 access_log /var/log/squid3/access.log squid # Configuraci?n de proxy detras de un proxy cache_peer 192.168.3.10 parent 3128 3130 proxy-only default ##### Reglas de autenticacion auth_param ntlm program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm keep_alive on auth_param basic program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param basic children 5 auth_param basic realm Squid proxy-cachin...

I've not clear if is a squid or a samba/ntlm_auth trouble... indeed... In Squid i've added: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=LNFFVG --require-membership-of='LNFFVG\Domain Users' auth_param ntlm children 5 but in 'cache.log' i got: Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID! Winbindd lookupname failed...

...it doesn't work, it goes for NTLM. Yes and no, read on you see why i say yes and no.. > If I use the wrapper for a machine that is NOT on a Domain, > it just fails, which is fine because the credentials don't > match anything. Correct, if you want this to work you could try : auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \ --kerberos /usr/lib/squid/negotiate_kerberos_auth -s GSS_C_NO_NAME \ --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOM Now you dont need the UPN in the DNS. ( ! Its really adviced to have it ) but you are still...

...tom setting: # /usr/local/bin/net join -S SERVER -w DOMAIN -U username%password I then run winbindd and nmbd. If the default setting in 2003 is used, I can then view users and groups, but with custom setting it doesn't get this far because the net join fails. My squid config looks like this: auth_param ntlm program /usr/local/libexec/squid/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param ntlm children 2 auth_param basic program /usr/local/libexec/squid/ntlm_auth --helper-protocol=squid-2.5-basic auth_p...