Displaying 20 results from an estimated 22 matches for "negotiate_kerberos_auth".
2018 Sep 27
1
[OT?] passing group name with spaces to ntlm_auth...
...re info on squid config might help here and no smb.conf..
> Ahead of things...
>
> And you better use something like this, change to negotiate auth. (
> and use SSO ).
>
> auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
> --kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy1.
> internal.domain.tld at REALM \
> #Or if you dont have the SPN set. --kerberos
> /usr/lib/squid/negotiate_kerberos_auth -r -i -s GSS_C_NO_NAME \
> --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --
> domain=NTDOM
>
> And use ldap for the group...
2018 Sep 27
2
[OT?] passing group name with spaces to ntlm_auth...
I've not clear if is a squid or a samba/ntlm_auth trouble... indeed...
In Squid i've added:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=LNFFVG --require-membership-of='LNFFVG\Domain Users'
auth_param ntlm children 5
but in 'cache.log' i got:
Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID!
Winbindd
2015 Aug 18
0
[squid-users] debian Jessie squid with auth (kerberos/ntlm/basic) ERROR type NTLM type 3
...>its lack of
>security.
>
>Try adding "auth_param negotiate keep_alive off" to close connections
>when Negotiate/NTLM is used and force the client to retry with other
>auth credentials on a clean connection.
these :
>> auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -s HTTP/hostname.fqdn at REALM
and
>> auth_param negotiate program /usr/local/bin/negotiate_wrapper
These lines, work both for negotiate kerberos.
The last, when useing : /usr/local/bin/negotiate_wrapper was tested with the parameter
negotiate keep_alive off.
Above works fine with t...
2015 Aug 18
0
[squid-users] debian Jessie squid with auth (kerberos/ntlm/basic) ERROR type NTLM type 3
...;>
>>Try adding "auth_param negotiate keep_alive off" to close connections
>>when Negotiate/NTLM is used and force the client to retry with other
>>auth credentials on a clean connection.
>
>these :
>>> auth_param negotiate program
>/usr/lib/squid3/negotiate_kerberos_auth -s HTTP/hostname.fqdn at REALM
>and
>>> auth_param negotiate program /usr/local/bin/negotiate_wrapper
>These lines, work both for negotiate kerberos.
>The last, when useing : /usr/local/bin/negotiate_wrapper was
>tested with the parameter
>negotiate keep_alive off....
2018 Sep 27
0
[OT?] passing group name with spaces to ntlm_auth...
Hai marco,
More info on squid config might help here and no smb.conf..
Ahead of things...
And you better use something like this, change to negotiate auth. ( and use SSO ).
auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
--kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy1.internal.domain.tld at REALM \
#Or if you dont have the SPN set. --kerberos /usr/lib/squid/negotiate_kerberos_auth -r -i -s GSS_C_NO_NAME \
--ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOM
And use ldap for the groups. Amos explain these thing better th...
2017 May 22
4
Problems with Samba 4.6.3 Authentication
Hi,
I have posted the following message to Squid-Users forum (
squid-users at lists.squid-cache.org).
"I have migrated of Samba 4.2.1 to Samba 4.6.3 as DC, but now my Squid
authentication doesn't work.
In samba 4.2.1 is working properly.
This is my authentication block:
auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b
DC=empresa,DC=com,DC=br -D
2019 Aug 23
0
[squid-users] AD user Login + Squid Proxy + Automatic Authentication
...NAME
?
# set rights.
chgrp proxy /etc/squid/HTTP-$(hostname -s).keytab
chmod g+r /etc/squid/HTTP-$(hostname -s).keytab
?
and use this for auth in squid.
### negotiate kerberos and ntlm authentication
auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
??? --kerberos /usr/lib/squid/negotiate_kerberos_auth -k /etc/squid/HTTP-hostname.keytab \
????? -s HTTP/hostname.fqdn at REALM \
??? --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOM
auth_param negotiate children 30 startup=5 idle=5
auth_param negotiate children 10
auth_param negotiate keep_alive on
If you serve multiple Kerberos...
2019 Aug 13
3
winbind - frequent high CPU utilization
Hi.
I use winbind + squid on Debian Buster to authenticate users + authorize
them based on groups they are in. It all works, well, good, but winbind's
CPU utilization peaks can reach up to 100%. The same solution ran OK on
Debian Jessie with up to 20% CPU utilization at most.
The configuration of Buster must have been updated based on the samba
version leap/shift compared to Jessie.
On
2015 Aug 05
5
LDAP bindpw password
Hi.
I'm using Samba 4 on two Zentyal servers as Domain Controller and now
I have to authenticate some services to it (Apache and PAM in
particular).
The LDAP integration asks me for a LDAP bind password, but I cannot
find out where it is on Zentyal.
Is there a way to check (or change it) directly on Samba 4?
Or is it preferable to authenticate against Active Directory or Kerberos?
Thank you
2017 May 23
0
Problems with Samba 4.6.3 Authentication
...rg
> Onderwerp: Re: [Samba] Problems with Samba 4.6.3 Authentication
>
> Not really a samba question but..
>
> I suggest you switch to kerberos auth.
> Thats this line:
> auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
> --kerberos /usr/lib/squid/negotiate_kerberos_auth -s
> HTTP/hostname.internal.dnsdomain.tld at REALM \
> --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego
> --domain=NTDOM
>
> Or
> auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
> --kerberos /usr/lib/squid/negotiate_kerberos_auth -s
> G...
2018 Apr 11
0
Question: Samba and YP-Yellow Pages relation.
...I use the wrapper for a machine that is NOT on a Domain,
> it just fails, which is fine because the credentials don't
> match anything.
Correct, if you want this to work you could try :
auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
--kerberos /usr/lib/squid/negotiate_kerberos_auth -s GSS_C_NO_NAME \
--ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOM
Now you dont need the UPN in the DNS. ( ! Its really adviced to have it ) but
you are still trying to auth over kerberos first.
! Do note, the server still needs to be domain joined.
> But If I break...
2016 Dec 28
1
Error with samba update in debian.
And i forgot to mention.
This is what i have for my squid.
auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
--kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy.internal.domain.tld at REALM \
--ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOMAIN
See the ntlm line. => --helper-protocol=gss-spnego
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at...
2015 Aug 05
0
LDAP bindpw password
...AuthName "Website Login"
KrbMethodNegotiate On
KrbMethodK5Passwd Off
KrbServiceName HTTP
KrbAuthRealms INTERNAL.DOMAIN.TLD
Krb5KeyTab /etc/apache2/hostname-apache.keytab
require valid-user
an squid kerberos example.
auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -s HTTP/hostname.internal.domain.tld at INTERNAL.DOMAIN.TLD
auth_param negotiate children 10 startup=0 idle=1
a squid3 fall back to ldap - AD auth.!!
auth_param basic program /usr/lib/squid3/basic_ldap_auth -R \
-b "OU=Users,DC=internal,DC=domain,DC=tld" \
-D ldapbind a...
2018 Sep 07
3
NTLM auth, better on a DC or on a DM?
On Fri, 2018-09-07 at 20:14 +0200, Luca Olivetti via samba wrote:
> El 7/9/18 a les 17:59, Marco Gaiarin via samba ha escrit:
>
> > It is better to install squid/freeradius in the same host of a DC, or
> > don't bother at all so they can be installed also on a DM?
>
> I don't know if it's better but I'm running freeradius with ntlm_auth on
> a
2019 Apr 18
3
samba 4.10 + SQUID 4.6 (FreeBSD) Fresh install - Error ownership folder
Hello everyone,
Just made a brand new installation of the Samba 4.10 for FreeBSD (got it
from FreeNAS project) and it worked very well but I am facing some issues
while working with it + Squid 4.6
Here is the thing. I could Join the machine to my Domain with absolutely no
problems. I also created the Kerberos keytab, etc.
For some reason, the Squid Helpers are showing an error message, like
2018 Apr 06
1
Question: Samba and YP-Yellow Pages relation.
...settings in squid
# For squid ( works for me as of squid 3.2 up to 3.5 )
# negotiate kerberos and ntlm authentication + ldap fallback.
# Debugging. -d in the kerberos line, --diagnostics in ntlm)
auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
--kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/your.server.hostname.in.fqdn at YOUR_REALM \
--ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOM
# adjust this to you needs, you might want to lower the childeren and startups.
auth_param negotiate children 10 startup=2 idle=2
auth_param negotiate keep_alive on
# My...
2019 Aug 05
0
problems with authentication
...f)
chmod 640 krb5-squid-HTTP-$(hostname -s).keytab
chown root:proxy krb5-squid-HTTP-$(hostname -s).keytab
And use this for the squid authentication.
### Negotiate (Kerberos and NTLM) authentication
auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
--kerberos /usr/lib/squid/negotiate_kerberos_auth -k /etc/squid/krb5-squid-HTTP-CHANGE_To_HOSTNAME-S_HERE.keytab \
-s HTTP/HTTP-CHANGE_TO_HOSTNAME-S_HERE at REALM \
--ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOM-HERE
auth_param negotiate children 30 startup=5 idle=5
auth_param negotiate children 10
auth_param negot...
2015 Oct 19
5
Samba 4 + Squidguardian
On 19/10/15 16:46, mathias dufresne wrote:
> AD from Samba or Microsoft is mainly a database for storing users (and
> associated stuffs). It comes also with stuffs (protocols) to connect and
> retrieve information.
>
> How the client uses these information is, as always, a choice from that
> specific client.
>
> Your AD client is your Squid/Squidguard(ian) server. Its job
2018 Jun 08
2
samba4+squid3+ntlm
Hello:
I have a squid3 with aunteticacion ntlm integrated to samba4 but in workstations with windows 8.1 constantly asked for the username and password and it does not let the user navigate, use debian 8 + samba 4.7.7, no idea because that happens in client with windows 7 works well.
smb.conf
workgroup = MYDOMINIO
security = ads
netbios name = srv-proxy
server string = Servidor Proxy de
2020 Jul 30
1
ntlm authentication issues
Hi,
I set up Squid 4.6 on Debian 10 and I'm having problems with browser
authentication on a Windows station.
I did the tests on the command line and apparently it's OK.
root at proxy:/etc/squid/acls# /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global