Hi,
I'm hoping someone can help with this possibly trivial issue.
I am trying to configure NTLM authentication on my Redhat 9 box by
following the instructions in the new O'Reily squid book... I have
configured NTLM authentication with the SMB helper. When I connect to the
proxy using IE6sp1 I am prompted for my user credentials. Submitting them
elicits the correct response, but I was under them impression that when
using IE I should not see a password prompt at all - i.e. it uses
passthrough authentication.
Am I wrong?
I have configured squid.conf with the following:
auth_param ntlm program /usr/lib/squid/ntlm_auth domain\dc
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
which was pasted straight out of the examples in the file and it is the
same the example in the book.
I am using the following acl and http_access rule:
acl admins proxy_auth idbs\aanderson
http_access allow !admins
This is to prevent access only to myself... And, like I said, it works
after I've been prompt for username/password.
Squid is compiled as follows:
Squid Cache: Version 2.5.STABLE5
configure options: --program-prefix= --prefix=/usr --exec-prefix=/usr
--bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc
--datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib
--libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com
--mandir=/usr/share/man --infodir=/usr/share/info --exec_prefix=/usr
--bindir=/usr/sbin --libexecdir=/usr/lib/squid --localstatedir=/var
--sysconfdir=/etc/squid --enable-poll --enable-snmp
--enable-removal-policies=heap,lru --enable-storeio=aufs,coss,diskd,ufs
--enable-ssl --with-openssl=/usr/kerberos --enable-delay-pools
--enable-linux-netfilter --with-pthreads
--enable-basic-auth-helpers=LDAP,NCSA,PAM,SMB,SASL,MSNT --enable-auth
--enable-ntlm-auth-helpers=SMB,winbind --enable-ntlm-fail-open
--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group,winbind_group
I downloaded and installed the latest sources from squid-cache.org and
assume that this will include the latest patches?
Is it possible to configure Squid to so users are not prompted for logon
credentials?
Thanks
Ash Anderson
MCP, MCSA, A+.
ID Business Solutions.
Tel: +44 (0)1483 595000
****************************************************************************
XLfit 4 is now available. Powerful curve fitting, statistics and results
presentation for Excel. Trial XLfit 4 for 30 days free of charge and
without obligation: http://www.id-bs.com/xlfit4
*****************************************************************************
The information contained in this email may contain confidential or
legally privileged information. If you are not the intended recipient any
disclosure, copying, distribution or taking any action on the contents
of this information may be unlawful. If you have received this email in
error, please delete it from your system and notify us immediately. Any
views expressed in this message are those of the individual sender, except
where the message states otherwise. IDBS takes no responsibility for any
computer virus which might be transferred by way of this email and
recommends that you subject any incoming E-mail to your own virus
checking procedures. We may monitor all E-mail communication through our
networks.
If you contact us by E-mail, we may store your name and address to
facilitate communication.
**********************************************************************
Received on Thu Mar 04 2004 - 01:46:47 MST
This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:01 MST