Jairo,
Sounds like you're not authenticating with your NT auth server/LM and you've
still got userproxy access turned on in squid.conf.
d
----- Original Message -----
From: "Jairo.Castaņeda" <Jairo.Castaneda@siemens.com>
To: "'Henrik Nordstrom'" <hno@marasystems.com>; "Squid List (E-mail)"
<squid-users@squid-cache.org>
Sent: Monday, December 16, 2002 5:05 PM
Subject: RE: [squid-users] Problems using NTLM authentication
Hello again,
Well, I do need NTLM Authentication because I need the authentication
process to be transparent to my users. Right now, it's working but it's not
transparent. A popup window appears asking for an username/password and if I
type a valid one I get through... Any ideas why it's not transparent?
I'm using IE 6.0, my PC is logged into the domain and according to the FAQ a
password prompt should NOT pop up...
Henrik, thanks for the help on the wb_group external_acl helper... However I
think I should find out first why my authentication scheme is not
transparent before I try to filter web traffic based on NT groups, don't you
think?
Regards,
-----Original Message-----
From: Henrik Nordstrom [mailto:hno@marasystems.com]
Sent: Viernes, 13 de Diciembre de 2002 04:15 p.m.
To: Jairo.Castaņeda; Squid List (E-mail)
Subject: Re: [squid-users] Problems using NTLM authentication
On Friday 13 December 2002 16.11, Jairo.Castaņeda wrote:
> Hello all,
>
> First let me explain what I need to do:
> I need that only users belonging to a NT group called Internet surf
> the web. As I'm using squid as my proxy I need to use NTLM
> authentication, right?
Not neccesarily.
You need NTLM authentication if you want the authentication to Squid
to be transparent to your users.
> - Samba's winbindd testing was ok. I got the messages I was
> supposed to get ("secret was good", and wbinfo -a with the NT
> username and password was successful)
There should also be a note about challenge/response authentication.
If not you cannot use NTLM.
> I have some questions regarding NTLM authentication:
> - How do I establish permissions based on NT groups? I didn't see
> that on the FAQ section...maybe I missed it.
It has not yet been documented in the FAQ.
You use the wb_group external_acl helper. See
helpers/external_asl/winbind_group/
> - How can I test from command line if my authentication scheme is
> working...
See the Squid FAQ. The same section who talks about winbind
installation also includes testing of the connection to winbind.
Regards
Henrik
Received on Tue Dec 17 2002 - 03:50:39 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:06 MST