similar to: ntlm_auth and AD

Hi all, I have just installed and configured a squid setup authenticating against Active Directory using kerberos tickets and have achieved the holy-grail of IT - Single Sign On! The problem is that I have two users for whom is does not work. The ntlm_auth logs show that for users that are properly authenticated against squid we get the following (Usernames/Domains/Hosts have been changed for

Hello. I am using squid with ntlm authentication against a samba PDC. It has worked for me perfectly in debian etch with samba version 3.0.24, and ubuntu Gutsy with samba 3.0.26a. But when I have upgraded those servers to hardy (samba 3.0.28a) and lenny (3.2.3), thn sqwuid auth has stopped working, without any other config change. Squid version I am using is 2.6-STABLE17, and . I am using the

Hello, I havn't gotten an answer over on the squid usergroup - so I'm hoping someone can help me here. SUSE - 9.1 SQUID - 2.5.STABLE5 SAMBA - 3.0.2a-SUSE (the one that came with SUSE Installer by YAST) I have set up squid, samba, got the winbind to work great Wbinfo -t, -u, -g all work great Squid also worked great until I tried to tie in NTLM_Auth If I authenticate using

Hi all, I'm having trouble getting ntlm_auth working with the "--require-membership-of=" option. I did rebuild the Samba RPM so that it had the --enable-auth="ntlm,basic" and --enable-external-acl-helpers="wbinfo_group" settings. The command line test for the squid-2.5-basic protocol returns an "OK". The one using the squid-2.5-ntlmssp protocol

Hi, We are running Squid version: 2.5.STABLE13 and Samba version: Version 3.0.21b We have it setup to use NTLM to check that the user belongs to a group within the domain. The need has arrisen to be able to support multiple groups. Is this possible? Our squid.conf section: auth_param ntlm program /ntlm_auth.sh ntlmssp auth_param ntlm max_challenge_reuses 0 auth_param ntlm

Hai marco, More info on squid config might help here and no smb.conf.. Ahead of things... And you better use something like this, change to negotiate auth. ( and use SSO ). auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \ --kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy1.internal.domain.tld at REALM \ #Or if you dont have the SPN set. --kerberos

Hi all, I've a little problem using ntlm_auth with squid. Scenario: Redhat 9, Samba 3 compiled, squid-2.5 compiled. smb.conf: [global] encrypt passwords = Yes winbind separator = \ winbind cache time = 10 template homedir = /home/%D/%U template shell = /bin/bash idmap uid = 10000-20000 idmap gid = 10000-20000 winbind uid = 10000-20000 winbind gid = 10000-20000 winbind enum users = yes

Hi, I'm struggling to get squid+ntlm_auth working correctly. I have successfully joined the domain, and I am able to successfully enumerate groups and users using wbinfo. I can also successfully run "wbinfo -a." However, once I configure Squid to use ntlm_auth per: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --debug-level=10 --nt-response

i get a big problem with authentication popups (with squid) when the connection to my AD dies. what options do i have to ensure less downtime when my AD backend dies ? i would like something that for example caches the users credentials , while testing for AD availability before coming back online. my setup is samba-winbind-3.0.20b-3.4 samba-3.0.20b-3.4 kerberos windows 2003 server.

Hi! I have a problem with the ntlm_auth helper (samba-3.0.2) under squid. I got the following from the cache.log: [2003/12/18 15:36:48, 10] utils/ntlm_auth.c:manage_squid_request(1114) Got 'YR' from squid (length: 2). [2003/12/18 15:36:48, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(362) got NTLMSSP packet: [2003/12/18 15:36:48, 10]

YES!!!!!!!!!!!!!!! HOT DOGGIES!!!!!!!!!!!!!!!!!!!!! I think I fixed it. The problem - Squid worked at my test site - it did not popup a login window, but instead used Ssamba's ntlm helper program to get credentials from IE. But at my customer site it did (improperly) popup a login window. The squid.conf files were almost identical - even to the point where my working test site incorrectly

On Thu, 2018-09-27 at 12:27 +0200, L.P.H. van Belle via samba wrote: > Hai marco,  > > More info on squid config might help here and no smb.conf..  > Ahead of things...   > > And you better use something like this, change to negotiate auth. ( > and use SSO ).  > > auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \ >     --kerberos

This turned into the mother of all system integration exercises and I **almost** have it working. I am trying to set up proxy authorization using: RedHat Linux 9.0, MIT Kerberos 1.4 built from source, Samba 3.0.13 built from source, Squid 2.5.STABLE7 built from source SmartFilter 4.01. Active Directory with Windows 2003 Why not use RPMs? Well - ADS support for Windows 2003 needs

Hello there. I'm try to configure squid3 with samba4-alpha-10 autentication. My samba4 pdc work fine with a simple smb.conf: [globals] netbios name = PANTRO workgroup = MYDOMAIN realm = MYDOMAIN.LAN server role = domain controller [netlogon] path = /usr/local/samba/var/locks/sysvol/mydomain.lan/scripts read only = no

I'm trying to get mod_auth_ntlm with apache2 to work but it refuses to do so. ntlm_auth does work if I use the commandline argument. The error I got is: [2009/01/13 13:07:09, 5] lib/debug.c:debug_dump_status(391) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam:

Hi all, please cc me, i'm not on the list. Second: All google findable information about problems setting up ntlm_auth for squid with winbind are read and checked more than three times. After breaking a running setup under debian squeeze, i go back to debian lenny to circumvent the actual MIT kerberos problem[1]. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566977#57 Now i

I've not clear if is a squid or a samba/ntlm_auth trouble... indeed... In Squid i've added: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=LNFFVG --require-membership-of='LNFFVG\Domain Users' auth_param ntlm children 5 but in 'cache.log' i got: Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID! Winbindd

Isn't possible to test the ntlm_auth with the ntlmssp protocol in a command line mode, you must use a browser able to handle ntlm because only this sort of browser send the appropriate ntlm challenges, try IE. Estevam Henrique -----Mensagem original----- De: samba-bounces+ecarvalho=bmf.com.br@lists.samba.org [mailto:samba-bounces+ecarvalho=bmf.com.br@lists.samba.org] Em nome de Champaka

Hi all, I have samba4.2 (Version 4.2.0pre1-GIT-6d2f56d) as AD domain controller. Some users can only logon to specific window workstation. Now, we want to configure the samba AD as the user authentication of squid. I use the following configuration in squid. The users without workstation limitation can successfully authenticate to squid, but the user with workstation limitation cannot.

Is /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp supposed to be working at this stage of samba 3? With RH EL3 beta (taroon) which comes with samba-3.0.0-3rc1.3E packages (and squid-2.5.STABLE3-2.3E packages), the /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic helper works great but /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp always fails (NTLMSSP