Displaying 19 results from an estimated 19 matches for "max_challenge_lifetime".
2006 Sep 12
1
Multiple Group checking using ntlm_auth
....21b
We have it setup to use NTLM to check that the user belongs to a group
within the domain. The need has arrisen to be able to support multiple
groups. Is this possible?
Our squid.conf section:
auth_param ntlm program /ntlm_auth.sh ntlmssp
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm children 20
auth_param ntlm use_ntlm_negotiate on
auth_param basic program /ntlm_auth.sh basic
auth_param basic children 20
auth_param basic realm SERVER.DOMAIN.CO.ZA Cache NTLM Authentication
auth_param basic credentialsttl 2 hours
Our smb.conf:
[global]
winbind separato...
2005 Oct 31
1
NTLM Problems
Hi,
I am running squid and samba to auth users against a 2003 domain. My squid
setup is something like this:
auth_param ntlm program /usr/local/libexec/squid/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm children 2
auth_param basic program /usr/local/libexec/squid/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 2
auth_param basic realm Cache NTLM Authentication
auth_param basic credentialsttl 2 hours
I then join the domain as follows:
Net join -...
2003 Dec 18
2
ntlm_auth problem in Squid 2.5
...15:36:48, 0]
utils/ntlm_auth.c:manage_squid_ntlmssp_request(375)
NTLMSSP BH: NT_STATUS_ACCESS_DENIED
squid.conf settings are:
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp -d 10
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
I don't understand why it would complain about the winbindd_privileged
directory when I've changed the permissions to it as follows:
drwxr-x--- 2 root squid 72 Dec 18 14:54
winbindd_privileged/
I'm not sure what the line "not authorized to use winbind...
2005 Apr 05
0
RE: [squid-users] IE improperly prompts for credentials; ntlm_auth with Samba 3.0.13, Squid 2.5.STABLE7, RedHat Linux 9.0, SmartFilter 4.01; ticket number 48293
...-caching web server
#auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
# Customer specific configs
auth_param ntlm program /usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
.
.
.
Here is the relevant part from a d...
2003 Oct 29
3
[Fwd: [squid-users] NTLM Authentication Problem]
...--enable-cache-digests --enable-kill-parent-hack --disable-ident-lookups
authentication in squid.conf configured as:
auth_param ntlm program /usr/local/samba/bin/ntlm_auth -d 10
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
#
auth_param basic program /usr/local/samba/bin/ntlm_auth -d 10
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Highmark Proxy Server
auth_param basic credentialsttl 2 hours
acl internet proxy_auth REQUIRED
http_access allow internet
http_access deny...
2003 Jun 04
0
Spurious auth failures with 2.5S3 + wb_ntlm
.... I have witnessed this behaviour occuring
with IE 5.5 & 6 running on Win98, 2000 and XP.
Relevant parts of the configuration files:
== squid.conf ==
auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
== smb.conf ==
workgroup = MYGROUP
password server = MYPDC
security = domain
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes
$ ./wbinfo -a MYGROUP\\steve%password
plaintext password authentication succeeded
challenge/response password authentication...
2004 Nov 29
0
[newbie] SQUID/SAMBA problems with NTLM_Auth
...If I authenticate using /usr/bin/ntlm_auth --username=administrator
It authenticates perfectly.
I have this in my squid.conf
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 45
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
And my ACL's
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255....
2005 Jun 17
0
NTLM, Squid & default domain
...anyone suggest where I should be looking to make it work?
squid.conf lines look like:
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
--require-membership-of=ourdomainame\\ourgroupname
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 20 minutes
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
--require-membership-of=ourdomainame\\ourgroupname
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
Ill post my smb.conf if its asked f...
2006 Mar 23
0
squid + external_acl_type + wbinfo_group.pl, Help needed
...ase Help
Following is my present squid configuration
squid-2.5.STABLE6-3.4E.11
=========================================================
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
external_acl_type nt_group ttl=0 concurrency=5 %LOGIN
/usr/lib/squid/wbinfo_group.pl
acl unrestrictedusers external nt_group internet
http_access allow unrestrictedusers
==========================================================
samba-3.0.21c-1
[global]
workgroup = DNA
server st...
2005 Sep 30
1
Trouble with ntlm_auth
...ls every time. Below are the config lines I'm using:
# Experimental Domain Authentication
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
--require-membership-of=MERCURY\WebAccess
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic --require-membership-of=MERCURY\WebAccess
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl AuthorizedUsers proxy_auth REQUIRED
http_...
2005 Oct 25
1
NTLM auth problems.
...I can
then view users and groups, but with custom setting it doesn't get this far
because the net join fails.
My squid config looks like this:
auth_param ntlm program /usr/local/libexec/squid/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm children 2
auth_param basic program /usr/local/libexec/squid/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 2
auth_param basic realm Cache NTLM Authentication
auth_param basic credentialsttl 2 hours
Anyone got any suggestions? Im totally lost..
Tha...
2005 Nov 07
4
Urgent Samba / Squid NTLM Auth Problems
...is correct as we tried this numerous times and we also tried
copy pasting the password into the required field.
Our squid.conf looks like this:
auth_param ntlm program /usr/local/libexec/squid/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp -d9
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes auth_param ntlm children 2
auth_param basic program /usr/local/libexec/squid/ntlm_auth
--helper-protocol=squid-2.5-basic -d9
auth_param basic children 2
auth_param basic realm Cache NTLM Authentication auth_param basic
credentialsttl 2 hours
Anyone have any idea as to why that would happ...
2005 Apr 07
2
Samba-Squid-AD: Error returned 'BH NT_STATUS_ACCESS_DENIED'
...5.conf files to much
my AD domain settings.
I joined the domain.
My squid.conf file containes the following:
auth_param ntlm program
/usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program
/usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web
server
auth_param basic credentialsttl 2 hours
acl a...
2004 Nov 24
0
Upgrade from 3.0.7 to 3.0.8 breaks winbind
...alidating user via NTLM.
Error returned 'BH NT_STATUS_ACCESS_DENIED'
The relevent config in squid.conf for this is like so:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
So I checked to see if kerberos was working still.
Running 'kinit adminstrator@S...
2006 Jun 26
1
samba 3.0.20 + squid 2.5 : automatic logon with internet explorer
hello,
samba is setup PDC with ldap
client : windows xp pro sp2
server : samba 3.0.20 + openldap 2.2 + squid 2.5stable14 + squidGuard
is it possible to create an automatic logon with internet explorer ?
perhaps with ntlm_auth, but i can't find the good sentence.
thanks.
2005 Apr 04
1
IE improperly prompts for credentials; ntlm_auth with Samba 3.0.13, Squid 2.5.STABLE7, RedHat Linux 9.0, SmartFilter 4.01
...roxy-caching web server
#auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
# Site specific configs
auth_param ntlm program /usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
.
.
.
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#...
2003 Nov 11
1
ntlm_auth and squid authentication problems
...US_OK: Success (0x0)
then, configure my squid to work with ntlm_auth, so squid.conf will be:
auth_param ntlm program
/usr/squid/libexec/ntlm_auth --debug-level=10 --helper-protocol=squid-2.5-nt
lmssp --nt-response
auth_param ntlm children 40
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program
/usr/squid/libexec/ntlm_auth --debug-level=10 --helper-protocol=squid-2.5-ba
sic --nt-response
auth_param basic children 40
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
Ok ? that's ok.
then I open my IE6, lat...
2003 Apr 07
3
Solaris 8 and winbindd/wbinfo
Hi All,
I cannot get my Samba server 2.2.8 working with winbind correctly on Solaris
8.
I intend to use this to transparently authenticate squid 2.5stable2.
I compiled samba using gcc 2.95.3. configure options were
./configure --with-winbind-auth-challenge --with-winbind --with-pam
root# ./wbinfo -t
Secret is good
root# ./wbinfo -u
0xc0000022
The same thing with wbinfo -g.
getent group
2005 Apr 05
0
Informal HOWTO - transparent authentication and optional outbound web filtering using Samba 3.0.13, Squid 2.5.STABLE7, SmartFilter 4.01, RedHat 9.0 in a Win2003 AD domain
...r this string:
TAG: auth_param
Skip down through the explanatory comments and put in the following
changes in this order:
auth_param ntlm program /usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
Note that the template squid.conf file has several references to
auth_para...