Yes it is.
-----Messaggio originale-----
Da: pwasenda@ura.go.ug [mailto:pwasenda@ura.go.ug]
Inviato: luned́ 12 giugno 2006 15.01
A: Franco, Battista
Cc: squid-users@squid-cache.org
Oggetto: Re:[squid-users] AD and Single Sign On
Is that computer on your windows domain ?
Quoting "Franco, Battista" <Battista.Franco@saint-gobain.com>:
> Hello
> I configured squid and samba but (from a client with MS IE 6) when i
> tried to connect to internet the pop-up with a request of username and
> password appears.
> More info below:
>
> # wbinfo -t
> checking the trust secret via RPC calls succeeded # wbinfo -a
> mydom\\user%password plaintext password authentication succeeded
> challenge/response password authentication succeeded #
> /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> Mydom+user password
> [2006/06/12 14:52:07, 3] utils/ntlm_auth.c:check_plaintext_auth(292)
> NT_STATUS_OK: Success (0x0)
> OK
> #
>
> ----
>
> Smb.conf is:
>
> ....
> netbios name = aa1pxysav00
> realm = ZA.IF.ATCSG.NET
> workgroup = ZA
> security = ADS
> password server = server.mydom.com
> encrypt passwords = yes
> log level = 3 passdb:5 auth:10 winbind:5
> idmap uid = 10000-20000
> template shell = /bin/false
> winbind enum users = yes
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind separator = +
> winbind use default domain = yes
> ...
>
> ----
>
> Squid.conf is:
> ....
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 30
> auth_param ntlm max_challenge_reuses 0 auth_param ntlm
> max_challenge_lifetime 2 minutes # ntlm_auth from Samba 3 supports
> NTLM NEGOTIATE packet auth_param ntlm use_ntlm_negotiate on auth_param
> basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> auth_param basic children 5 auth_param basic realm Squid proxy-caching
> web server auth_param basic credentialsttl 2 hours auth_param basic
> casesensitive off ....
> acl AuthorizedUsers proxy_auth REQUIRED http_access allow all
> AuthorizedUsers ....
> cache_peer proxy.xxx.com parent 8080 0 proxy-only default
>
> ------
>
> Access.log
>
> 1150117192.969 364 10.239.57.34 TCP_MISS/200 4388 GET
> http://www.google.it/ username DEFAULT_PARENT/proxy.xxx.com text/html
> 1150117223.316 24100 10.239.57.34 TCP_MISS/503 1384 GET
> http://www.google.it/imghp? username NONE/- text/html
>
>
>
> Could you help me?
>
>
>
> -----Messaggio originale-----
> Da: Jakob Curdes [mailto:jc@info-systems.de]
> Inviato: venerd́ 9 giugno 2006 14.44
> A: Franco, Battista
> Cc: squid-users@squid-cache.org
> Oggetto: Re: [squid-users] AD and Single Sign On
>
> Franco, Battista schrieb:
>
> >Hello
> >
> >I used a squid 2.5 stable 9 on fedora code 4.
> >
> >My windows domain is an AD 2003.
> >
> >Is it possibile to configure my squid to work as "single sign on" so
> >users will not need to put username and password when accessing to
> >internet?
> >
> >How do i do it?
> >
> >
> >
> >
> >
> See
>
> http://wiki.squid-cache.org/SquidFaq/ProxyAuthentication
>
> Hope this helps,
>
> Jakob Curdes
>
> Hint for the FAQ admins : the keyword NTLM or AD does not show up
> anywhere in the content list, myabe it would be a good idea to shift
> one of the headlines a little - this question keeps getting asked again and again.
>
> Jakob Curdes
>
>
-- Peter Collins Wasenda Network Administrator IT Division, Corporate Services Uganda Revenue Authority P.O. Box 7279, Kampala Tel: (041)334474,334535 Mob: 0752-996477 --------------------------------------------------------------- ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.Received on Mon Jun 12 2006 - 07:16:36 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Jul 01 2006 - 12:00:01 MDT