Re: [squid-users] Samba 3-ntlm_auth, Squid-2.5Stable4 and W2K3 Authentication options

From: Henrik Nordstrom <[email protected]>
Date: Wed, 19 Nov 2003 23:13:10 +0100 (CET)

On 19 Nov 2003, Dave Augustus wrote:

> Working in a Windows shop has it difficulties especially when trying to
> prove the case for Open Source...
>
> I am hoping that Squid is it!
>
> But I can't get the darn thing to authenticate to a W2k3 AD server due
> to changes in Samba that haven't migrated to Squid. I get a compile
> error with the -with-samba-sources directive. It fails with the
>
> gcc -DHAVE_CONFIG_H -I. -I. -I../../../include -I../../../include
> -I/usr/local/src/samba-3.0.0/source -O3 -march=i686 -mcpu=i686
> -funroll-loops -fomit-frame-pointer -c `test -f wb_common.c || echo
> './'`wb_common.c

This is because the Squid helper you are trying to compile is for
Samba-2.2.X only.

Samba-3.X includes it's own helper, and thus you do not need the helper
shipped with Squid for Samba-3.x. Instead you should use the helper which
was installed as part of Samba-3.X.

Information on this can be found in the Squid FAQ, and has also been
discussed a lot in the last months squid-users archives.

> So, is LDAP an alternative? What about NT Groups?

LDAP works fine for groups with MSAD. In fact MSAD is one of the LDAP
directories the LDAP helpers to Squid was tested against during
development.

What you don't get with LDAP is

a) NTLM support for single-sign-on.

b) The same ease of setting things up. A little more digging is required
to get the LDAP parameters correct unless you know how MSAD and LDAP
relates to each other..

Regards
Henrik
Received on Wed Nov 19 2003 - 15:13:13 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:23 MST