RE: [squid-users] Squid with auth NTLM

Have you joined your box to the domain? What is your krb5.conf file? What is your smb.conf file? What is the status of something like wbinfo -g or -u ?

I would troubleshoot your domain connectivity before you worry about squid.

-----Original Message-----
From: Amos Jeffries [mailto:squid3@treenet.co.nz]
Sent: Mon 12/17/2007 7:33 PM
To: Leandro Ferrrari
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid with auth NTLM
 
> I have configured squid 3.0 with NTLM, and this configuration in
> squid.conf is:
>
> auth_param ntlm program /usr/local/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 30
> auth_param ntlm max_challenge_lifetime 2 minutes
>
> auth_param basic program /usr/local/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
>
> When a test the ntlm auth, in the Explorer client with a user
> authenticate in Domain Controller Windows 2003, the explorer or
> firefox show popup of the basic auth.
> How to use the ntlm auth with an user of the domain group without auth
> basic?

Remove the basic configuration to not use it.
You NTLM is broken by the sound of it if its always falling back on basic.
Although the login box does not necessarily mean basic is being used. It
could just be that the browser has no working credentials for the user to
login NTLM with.

Amos
Received on Mon Dec 17 2007 - 17:44:37 MST