similar to: [squid-users] AD user Login + Squid Proxy + Automatic Authentication

Hai, I think this is an old bug.. ( pretty sure about it ) And i suggest to dont change anything except smb.conf. Your trying to use kerbereros usersname. wbinfo -a marcio at EMPRESA.COM.BR Enter marcio at EMPRESA.COM.BR's password: And you using: winbind use default domain = yes This is and old bug somewhere in 4.5/4/6 i believe. Only change these, yes only slows down you

For got to mention. If you dont have any certificates setup and not using tls. Set on the DC's. ldap server require strong auth = allow_sasl_over_tls Or ldap server require strong auth = no And you may need to enable NTLM v1 on the proxy also, but thats why i recommends kerberos auth. SO preffered imo, try to avoid any NTLM to improve your security. For NTLM v1 then you

Hai Amos, Thank you for your very clear responce.. few small questions.. Is there a way to setup the proxy for the following. 1) use negotiate kerberos for auth, ( which is working already for all domain joined machines ) 2) use a fall back that works, for now basic ldap works for non windows machines, and domain joined machines. 3) use any other fallback way for authentication users on windows

Hai Fabricio, > Hello Louis, > I did all the tests and they worked, but here some questions. > > When using the wrapper with samba47, I see the squid tries > Kerberos, if it doesn't work, it goes for NTLM. Yes and no, read on you see why i say yes and no.. > If I use the wrapper for a machine that is NOT on a Domain, > it just fails, which is fine because the

Hai marco, More info on squid config might help here and no smb.conf.. Ahead of things... And you better use something like this, change to negotiate auth. ( and use SSO ). auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \ --kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy1.internal.domain.tld at REALM \ #Or if you dont have the SPN set. --kerberos

... sorry wrong list.. but you can read it and learn from it.. :-)) Greetz, Louis >-----Oorspronkelijk bericht----- >Van: samba [mailto:samba-bounces at lists.samba.org] Namens >L.P.H. van Belle >Verzonden: dinsdag 18 augustus 2015 9:45 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] [squid-users] debian Jessie squid with >auth (kerberos/ntlm/basic) ERROR

On Thu, 2018-09-27 at 12:27 +0200, L.P.H. van Belle via samba wrote: > Hai marco,  > > More info on squid config might help here and no smb.conf..  > Ahead of things...   > > And you better use something like this, change to negotiate auth. ( > and use SSO ).  > > auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \ >     --kerberos

Hai, Someone called me called?? I did a quick read here in this thread.. The upn part is done, so your almost there. You need to make sure your DNS is working as it should. To check on the proxy with dig a hostname.FQDN. dig -x ip_the_server Test this for the DC hostnames/ips also. If that all ok, you can try these settings in squid # For squid ( works for me as of squid 3.2 up to 3.5

Hi, I have posted the following message to Squid-Users forum ( squid-users at lists.squid-cache.org). "I have migrated of Samba 4.2.1 to Samba 4.6.3 as DC, but now my Squid authentication doesn't work. In samba 4.2.1 is working properly. This is my authentication block: auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b DC=empresa,DC=com,DC=br -D

Hello: I have a squid3 with aunteticacion ntlm integrated to samba4 but in workstations with windows 8.1 constantly asked for the username and password and it does not let the user navigate, use debian 8 + samba 4.7.7, no idea because that happens in client with windows 7 works well. smb.conf workgroup = MYDOMINIO security = ads netbios name = srv-proxy server string = Servidor Proxy de

Hi. I use winbind + squid on Debian Buster to authenticate users + authorize them based on groups they are in. It all works, well, good, but winbind's CPU utilization peaks can reach up to 100%. The same solution ran OK on Debian Jessie with up to 20% CPU utilization at most. The configuration of Buster must have been updated based on the samba version leap/shift compared to Jessie. On

Rowland, dont be to hard on the guy.. ;-) Sorry that i cant help out more atm but im in process of win7 to win 10 testing with samba, and mainwhile doing a rollout.. :-/ Here are some working examples on debian jessie.. with samba 4.1.7 debian. an apache2.4 kerberos auth example. AuthType Kerberos AuthName "Website Login" KrbMethodNegotiate On KrbMethodK5Passwd

I've not clear if is a squid or a samba/ntlm_auth trouble... indeed... In Squid i've added: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=LNFFVG --require-membership-of='LNFFVG\Domain Users' auth_param ntlm children 5 but in 'cache.log' i got: Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID! Winbindd

Hai, ? Im know this might not be the place to ask, but im doing it anyway..? ;-) ? Im testing an debian Jessie server with squid3 ( 3.4.8 ) Its running Debian Samba 4.1.13 with winbind. ? Im having troubles, to get the squid auth working. So my question is is someone here using kerberos authentication on squid. ( 3.4.x ) Or someone who is using the gss-spnego helper protocol. ? Im using this

And i forgot to mention.   This is what i have for my squid.   auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \     --kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy.internal.domain.tld at REALM \     --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOMAIN   See the ntlm line. =>  --helper-protocol=gss-spnego     Greetz,  

YES!!!!!!!!!!!!!!! HOT DOGGIES!!!!!!!!!!!!!!!!!!!!! I think I fixed it. The problem - Squid worked at my test site - it did not popup a login window, but instead used Ssamba's ntlm helper program to get credentials from IE. But at my customer site it did (improperly) popup a login window. The squid.conf files were almost identical - even to the point where my working test site incorrectly

Morning all, Im trying to resolve a problem with the way a new squid server im building handles NTLM authentication for Windows clients that arent part of the default domain. I have two groups of PCs. The first group of PC's are in the same domain as my squid server (which obviously has a working samba running on it as well). This first group of PC's are using NTLM authentication in

Hello, I havn't gotten an answer over on the squid usergroup - so I'm hoping someone can help me here. SUSE - 9.1 SQUID - 2.5.STABLE5 SAMBA - 3.0.2a-SUSE (the one that came with SUSE Installer by YAST) I have set up squid, samba, got the winbind to work great Wbinfo -t, -u, -g all work great Squid also worked great until I tried to tie in NTLM_Auth If I authenticate using

Hi, I've already tried this in a squid list, but no response so maybe my problem is related to my squid conf. I'm setting up a squid proxy to auth against our 2003 ADS I have ntlm working so it authenticates both transparently to the user and using domain\username login. My Problem is getting squid to auth with just the username not requiring the domain\ part. The docs say I need

Hi everybody, I setup squid-2.5.STABLE9 with samba-3.0.13 to use winbind authentication over a Windows 2003 Active Directory. Web users' authentication from my proxy server box succeedes. But when a remote user try to authenticate himself, authentication failes and Squid return the following: authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH