Displaying 20 results from an estimated 9000 matches similar to: "[squid-users] debian Jessie squid with auth (kerberos/ntlm/basic) ERROR type NTLM type 3"
2015 Aug 18
0
[squid-users] debian Jessie squid with auth (kerberos/ntlm/basic) ERROR type NTLM type 3
Hai Amos,
Thank you for your very clear responce.. few small questions..
Is there a way to setup the proxy for the following.
1) use negotiate kerberos for auth, ( which is working already for all domain joined machines )
2) use a fall back that works, for now basic ldap works for non windows machines, and domain joined machines.
3) use any other fallback way for authentication users on windows
2018 Jun 08
2
samba4+squid3+ntlm
Hello:
I have a squid3 with aunteticacion ntlm integrated to samba4 but in workstations with windows 8.1 constantly asked for the username and password and it does not let the user navigate, use debian 8 + samba 4.7.7, no idea because that happens in client with windows 7 works well.
smb.conf
workgroup = MYDOMINIO
security = ads
netbios name = srv-proxy
server string = Servidor Proxy de
2015 Aug 05
0
LDAP bindpw password
Rowland,
dont be to hard on the guy.. ;-)
Sorry that i cant help out more atm but im in process of win7 to win 10 testing with samba,
and mainwhile doing a rollout.. :-/
Here are some working examples on debian jessie.. with samba 4.1.7 debian.
an apache2.4 kerberos auth example.
AuthType Kerberos
AuthName "Website Login"
KrbMethodNegotiate On
KrbMethodK5Passwd
2018 Apr 11
0
Question: Samba and YP-Yellow Pages relation.
Hai Fabricio,
> Hello Louis,
> I did all the tests and they worked, but here some questions.
>
> When using the wrapper with samba47, I see the squid tries
> Kerberos, if it doesn't work, it goes for NTLM.
Yes and no, read on you see why i say yes and no..
> If I use the wrapper for a machine that is NOT on a Domain,
> it just fails, which is fine because the
2017 May 23
0
Problems with Samba 4.6.3 Authentication
For got to mention.
If you dont have any certificates setup and not using tls.
Set on the DC's.
ldap server require strong auth = allow_sasl_over_tls
Or
ldap server require strong auth = no
And you may need to enable NTLM v1 on the proxy also, but thats why i recommends kerberos auth.
SO preffered imo, try to avoid any NTLM to improve your security.
For NTLM v1 then you
2019 Aug 05
0
problems with authentication
Hai,
I think this is an old bug.. ( pretty sure about it )
And i suggest to dont change anything except smb.conf.
Your trying to use kerbereros usersname.
wbinfo -a marcio at EMPRESA.COM.BR
Enter marcio at EMPRESA.COM.BR's password:
And you using:
winbind use default domain = yes
This is and old bug somewhere in 4.5/4/6 i believe.
Only change these, yes only slows down you
2019 Aug 23
0
[squid-users] AD user Login + Squid Proxy + Automatic Authentication
The most simple way to add SSO.
?
Install winbind krb5-user, then?your smb.conf,? update this config :
[global]
??? # Auth-Only setup with winbind. ( no Shares )
????log level = 1
??? workgroup = NTDOM
??? security = ADS
??? realm = YOUR-REALM
??? netbios name = HOSTNAME
?
??? preferred master = no
??? domain master = no
??? host msdfs = no
??? dns proxy = yes
?
??? interfaces = eth0 lo
??? bind
2018 Apr 06
1
Question: Samba and YP-Yellow Pages relation.
Hai,
Someone called me called??
I did a quick read here in this thread..
The upn part is done, so your almost there.
You need to make sure your DNS is working as it should.
To check on the proxy with
dig a hostname.FQDN.
dig -x ip_the_server
Test this for the DC hostnames/ips also.
If that all ok, you can try these settings in squid
# For squid ( works for me as of squid 3.2 up to 3.5
2017 May 22
4
Problems with Samba 4.6.3 Authentication
Hi,
I have posted the following message to Squid-Users forum (
squid-users at lists.squid-cache.org).
"I have migrated of Samba 4.2.1 to Samba 4.6.3 as DC, but now my Squid
authentication doesn't work.
In samba 4.2.1 is working properly.
This is my authentication block:
auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b
DC=empresa,DC=com,DC=br -D
2009 Dec 28
2
Samba4 and Squid3 with ntlm_auth
Hello there.
I'm try to configure squid3 with samba4-alpha-10 autentication.
My samba4 pdc work fine with a simple smb.conf:
[globals]
netbios name = PANTRO
workgroup = MYDOMAIN
realm = MYDOMAIN.LAN
server role = domain controller
[netlogon]
path = /usr/local/samba/var/locks/sysvol/mydomain.lan/scripts
read only = no
2014 Nov 11
3
ntlm_auth NT_STATUS_INVALID_WORKSTATION Question
Hi all,
I have samba4.2 (Version 4.2.0pre1-GIT-6d2f56d) as AD domain controller.
Some users can only logon to specific window workstation. Now, we want to
configure the samba AD as the user authentication of squid. I use the
following configuration in squid. The users without workstation limitation
can successfully authenticate to squid, but the user with workstation
limitation cannot.
2018 Jan 10
1
NTLM, MSCHAPv2, squid & freeradius...
Currently (samba 4 NT-like domains) i use extensively NTLM auth in
freeradius and more mildly in squid, respectively with:
Freeradius (mschap module):
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=SANVITO --username=%{mschap:User-Name:-None} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
squid3:
auth_param ntlm program /usr/bin/ntlm_auth
2010 Jul 12
1
ntlm locking user accounts in 2003 AD
Hello to all,
I'm having problem using this enviroment:
Squid 2.7.STABLE7
Samba 3.4.7
Squid.conf
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param basic children 5
auth_param basic realm Squid proxy-caching web
2018 Sep 27
1
[OT?] passing group name with spaces to ntlm_auth...
On Thu, 2018-09-27 at 12:27 +0200, L.P.H. van Belle via samba wrote:
> Hai marco,
>
> More info on squid config might help here and no smb.conf..
> Ahead of things...
>
> And you better use something like this, change to negotiate auth. (
> and use SSO ).
>
> auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
> --kerberos
2018 Sep 27
0
[OT?] passing group name with spaces to ntlm_auth...
Hai marco,
More info on squid config might help here and no smb.conf..
Ahead of things...
And you better use something like this, change to negotiate auth. ( and use SSO ).
auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
--kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy1.internal.domain.tld at REALM \
#Or if you dont have the SPN set. --kerberos
2020 Jul 30
1
ntlm authentication issues
Hi,
I set up Squid 4.6 on Debian 10 and I'm having problems with browser
authentication on a Windows station.
I did the tests on the command line and apparently it's OK.
root at proxy:/etc/squid/acls# /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global
2009 Jun 25
0
ADS auth for squid
Hi,
I've already tried this in a squid list, but no response so maybe my
problem is related to my squid conf.
I'm setting up a squid proxy to auth against our 2003 ADS
I have ntlm working so it authenticates both transparently to the user
and using domain\username login.
My Problem is getting squid to auth with just the username not requiring
the domain\ part.
The docs say I need
2010 Feb 11
0
squid, ntlm_auth, winbind problem
Hi all,
please cc me, i'm not on the list.
Second: All google findable information about problems setting up
ntlm_auth for squid with winbind are read and checked more than
three times.
After breaking a running setup under debian squeeze, i go back to debian
lenny to circumvent the actual MIT kerberos problem[1].
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566977#57
Now i
2005 Jun 17
0
NTLM, Squid & default domain
Morning all,
Im trying to resolve a problem with the way a new squid server im
building handles NTLM authentication for Windows clients that arent
part of the default domain.
I have two groups of PCs. The first group of PC's are in the same
domain as my squid server (which obviously has a working samba running
on it as well). This first group of PC's are using NTLM authentication
in
2014 Dec 18
0
Samba 4 with squid3 (--helper-protocol=gss-spnego )
Hai,
?
Im know this might not be the place to ask, but im doing it anyway..? ;-)
?
Im testing an debian Jessie server with squid3 ( 3.4.8 )
Its running Debian Samba 4.1.13 with winbind.
?
Im having troubles, to get the squid auth working.
So my question is is someone here using kerberos authentication on squid. ( 3.4.x )
Or someone who is using the gss-spnego helper protocol.
?
Im using this