similar to: Winbind/ntlm_auth issues

Hi all, I have samba4.2 (Version 4.2.0pre1-GIT-6d2f56d) as AD domain controller. Some users can only logon to specific window workstation. Now, we want to configure the samba AD as the user authentication of squid. I use the following configuration in squid. The users without workstation limitation can successfully authenticate to squid, but the user with workstation limitation cannot.

Hello to all, I'm having problem using this enviroment: Squid 2.7.STABLE7 Samba 3.4.7 Squid.conf auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm keep_alive on auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param basic children 5 auth_param basic realm Squid proxy-caching web

Hi people: I have a winbind 3.2.5 running on a box to authenticate users in my squid. My PDC is a samba 3.0.24 and it stores users on ldap. I have aprox 500 users and when they all use the squid my winbind generates a lot of traffic to my pdc box causing high load on the smb process that talks to the winbind... killing the performance of the squid. Is there anyway to reduce this traffic? Why

Hello: I have a squid3 with aunteticacion ntlm integrated to samba4 but in workstations with windows 8.1 constantly asked for the username and password and it does not let the user navigate, use debian 8 + samba 4.7.7, no idea because that happens in client with windows 7 works well. smb.conf workgroup = MYDOMINIO security = ads netbios name = srv-proxy server string = Servidor Proxy de

Hi! I have a problem with the ntlm_auth helper (samba-3.0.2) under squid. I got the following from the cache.log: [2003/12/18 15:36:48, 10] utils/ntlm_auth.c:manage_squid_request(1114) Got 'YR' from squid (length: 2). [2003/12/18 15:36:48, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(362) got NTLMSSP packet: [2003/12/18 15:36:48, 10]

Hi, We are running Squid version: 2.5.STABLE13 and Samba version: Version 3.0.21b We have it setup to use NTLM to check that the user belongs to a group within the domain. The need has arrisen to be able to support multiple groups. Is this possible? Our squid.conf section: auth_param ntlm program /ntlm_auth.sh ntlmssp auth_param ntlm max_challenge_reuses 0 auth_param ntlm

Hai, Someone called me called?? I did a quick read here in this thread.. The upn part is done, so your almost there. You need to make sure your DNS is working as it should. To check on the proxy with dig a hostname.FQDN. dig -x ip_the_server Test this for the DC hostnames/ips also. If that all ok, you can try these settings in squid # For squid ( works for me as of squid 3.2 up to 3.5

Hi! I upgraded DC2 and DC3, i will upgrade DC1,, but i will wait In DC3 dont correct message... :-| In DC2/DC3 new msg in syslog many messages equal to this in syslog: May 18 11:50:43 DC3 samba: conn[named_pipe] c[unix:] s[unix:/opt/samba/var/run/ncalrpc/np/netlogon] server_id[2157][2157]:   schannel_check_required: [LOJA09A] is not using schannel What this it is ? Regards On

I've not clear if is a squid or a samba/ntlm_auth trouble... indeed... In Squid i've added: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=LNFFVG --require-membership-of='LNFFVG\Domain Users' auth_param ntlm children 5 but in 'cache.log' i got: Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID! Winbindd

Hi, I set up Squid 4.6 on Debian 10 and I'm having problems with browser authentication on a Windows station. I did the tests on the command line and apparently it's OK. root at proxy:/etc/squid/acls# /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic Registered MSG_REQ_POOL_USAGE Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED lp_load_ex: refreshing parameters Initialising global

Hi all, I'm having trouble getting ntlm_auth working with the "--require-membership-of=" option. I did rebuild the Samba RPM so that it had the --enable-auth="ntlm,basic" and --enable-external-acl-helpers="wbinfo_group" settings. The command line test for the squid-2.5-basic protocol returns an "OK". The one using the squid-2.5-ntlmssp protocol

Hello there. I'm try to configure squid3 with samba4-alpha-10 autentication. My samba4 pdc work fine with a simple smb.conf: [globals] netbios name = PANTRO workgroup = MYDOMAIN realm = MYDOMAIN.LAN server role = domain controller [netlogon] path = /usr/local/samba/var/locks/sysvol/mydomain.lan/scripts read only = no

Hi. I use winbind + squid on Debian Buster to authenticate users + authorize them based on groups they are in. It all works, well, good, but winbind's CPU utilization peaks can reach up to 100%. The same solution ran OK on Debian Jessie with up to 20% CPU utilization at most. The configuration of Buster must have been updated based on the samba version leap/shift compared to Jessie. On

On Fri, 2018-09-07 at 20:14 +0200, Luca Olivetti via samba wrote: > El 7/9/18 a les 17:59, Marco Gaiarin via samba ha escrit: > > > It is better to install squid/freeradius in the same host of a DC, or > > don't bother at all so they can be installed also on a DM? > > I don't know if it's better but I'm running freeradius with ntlm_auth on > a

Hi all, please cc me, i'm not on the list. Second: All google findable information about problems setting up ntlm_auth for squid with winbind are read and checked more than three times. After breaking a running setup under debian squeeze, i go back to debian lenny to circumvent the actual MIT kerberos problem[1]. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566977#57 Now i

Hello, I'm having a little problem after logging into domain via samba, after a few minutes the squid no longer authenticates the users through single sign on and keeps asking for authentication in the browser without stopping. below is my settings and error logs. smb.conf [global]workgroup = SALEnetbios name = utmadmserver string = PROXY SERVERload printers = nolog file =

On Thu, 2018-09-27 at 12:27 +0200, L.P.H. van Belle via samba wrote: > Hai marco,  > > More info on squid config might help here and no smb.conf..  > Ahead of things...   > > And you better use something like this, change to negotiate auth. ( > and use SSO ).  > > auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \ >     --kerberos

Hi, I am running squid and samba to auth users against a 2003 domain. My squid setup is something like this: auth_param ntlm program /usr/local/libexec/squid/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param ntlm children 2 auth_param basic program /usr/local/libexec/squid/ntlm_auth

Hello, I have a very strange trouble with samba 3.0.33 when I integrate a Linux server in my Windows 2003 AD. I do : - kinit administartor, it's work. - klist, it's work too. - net join ads -U administrator, it's work. I hev the message that my computer has join the domain and I see the Linux in my Domain. - wbinfo -t give me "checking the trust secret via RPC calls

Greetings: I am in the process of setting up ntlm-based user authentication with Squid. Following the various instructions available in the FAQ and on the mailing list, I have what appears to be a functioning setup: I can use `wbinfo' to authenticate successfully, and Squid works as configured, logging my authenticated username into the logs. However, after what appears to be a random