> From: Paul Matthews [mailto:paul.matthews@cathedral.qld.edu.au]
> Subject: [squid-users] NTLM without username/password prompt
>
> I've setup NTLM authentication on my fedora box a few times before and
> it all went off without a problem, seamless authentication, it was
> great. But now I'm trying to get it done on a RHEL 4 box and it's not
> going so well, I've got samba authenticating against my
> Active directory
>
> [root@rhel4 /]# wbinfo -t
> checking the trust secret via RPC calls succeeded
>
> but when I use my MSIE browser when I'm logged into the domain I get a
> username/password prompt. I want it to be able to do it on the
> background, any suggestions?
>
> I've read just about everything there is to read on the net.
>
> Here is my what I have added to my squid.conf
>
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hour
> auth_param basic casesensitive off
> auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
> auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 30
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 hour
>
>
> acl ntlm proxy_auth REQUIRED
>
> http_access allow ntlm
>
> I don't have one http_access rule and that's to allow the ntlm users
> through.
> Any suggestions?
>
Paul,
Try reversing the order your auth_param basic and
ntlm declarations. While browsers are supposed to
pick the strongest authentication method, most seem
to latch onto the first one supplied.
Regards,
David.
__
David Gameau
ISTS - Systems Infrastructure Group
University of South Australia
email: David.Gameau@UniSA.edu.au
phone: +61 8 302 3533
fax: +61 8 302 5800
Disclaimer: "His brain sometimes stops working." - Chiyo, Azumanga Daioh
Received on Wed Sep 21 2005 - 22:52:48 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Oct 01 2005 - 12:00:03 MDT