Re: [squid-users] Problems using NTLM authentication

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 13 Dec 2002 22:15:06 +0100

On Friday 13 December 2002 16.11, Jairo.Castaņeda wrote:
> Hello all,
>
> First let me explain what I need to do:
> I need that only users belonging to a NT group called Internet surf
> the web. As I'm using squid as my proxy I need to use NTLM
> authentication, right?

Not neccesarily.

You need NTLM authentication if you want the authentication to Squid
to be transparent to your users.

> - Samba's winbindd testing was ok. I got the messages I was
> supposed to get ("secret was good", and wbinfo -a with the NT
> username and password was successful)

There should also be a note about challenge/response authentication.
If not you cannot use NTLM.

> I have some questions regarding NTLM authentication:
> - How do I establish permissions based on NT groups? I didn't see
> that on the FAQ section...maybe I missed it.

It has not yet been documented in the FAQ.

You use the wb_group external_acl helper. See
helpers/external_asl/winbind_group/

> - How can I test from command line if my authentication scheme is
> working...

See the Squid FAQ. The same section who talks about winbind
installation also includes testing of the connection to winbind.

Regards
Henrik
Received on Fri Dec 13 2002 - 14:15:18 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:05 MST