RE: [squid-users] NTLM authentication insquid

From: Janco van der Merwe <[email protected]>
Date: Mon, 2 Oct 2006 07:48:49 +0200

Well I'm not sure on FC 5 but on FC 4 it does. Try it and get back to me. To configure the /etc/krb5.conf is quite straight forward open the edit the file and you'll see what I mean otherwise if you don't know how let me know and I'll send you copy of my file. Out of interest sake why use NTLM authentication when you can use the squid helper LDAP_group_auth?

Janco v.d Merwe
Network Administrator
Dunns Stores (PTY) Ltd
Switchboard: 011 541 3000
Direct: 011 541 3007
Fax: 086 632 1708

-----Original Message-----
From: Information Security [mailto:InfoSec@adventity.com]
Sent: 29 September, 2006 17:52
To: Janco van der Merwe;squid-users@squid-cache.org
Subject: RE: [squid-users] NTLM authentication insquid

I want to configure squid for user based filtering. I had infact tried
configuring squid without actually adding this machine onto the domain.
But then squid access.log does not show up the usernames (which it does
in my RHEL squid setup).
Would it solve the purpose of user based filtering in this scenario? If
there is a way I can go ahead with it. Kindly guide...

Regards,
Navin J.

-----Original Message-----
From: Janco van der Merwe [mailto:jvdmerwe@dunns.co.za]
Sent: Friday, September 29, 2006 8:53 PM
To: Information Security; squid-users@squid-cache.org
Subject: RE: [squid-users] NTLM authentication insquid

Why do you want to join the machine to the domain? What we did was to
configure /etc/krb5.conf to your Domain specifications and that way you
don't have to go through the pain staking effort of joining a Linux
machine to a MS Domain. In any case both Linux and Windows are Kerberos
compliant.

Janco v.d Merwe
Network Administrator
Dunns Stores (PTY) Ltd
Switchboard: 011 541 3000
Direct: 011 541 3007
Fax: 086 632 1708

-----Original Message-----
From: Information Security [mailto:InfoSec@adventity.com]
Sent: 29 September, 2006 16:39
To: squid-users@squid-cache.org
Subject: [squid-users] NTLM authentication insquid

Hello,

I am trying to configure NTLM authentication in squid. The squid server
would authenticate users with win2K3 ADS.

I had previously successfully done this with RHEL4. Currently I am
trying on Fedora Core 5, but I am facing a lot of problem this time...
the Linux machine simply does not join the domain.

Authconfig-tui gives me the following error at the end of it:

[2006/09/29 19:50:21, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Transport endpoint is not connected
[2006/09/29 19:50:21, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from
server MYSERVER.CORP.MYCOMPANY.COM for domain MYDOMAIN.
[2006/09/29 19:50:21, 0] utils/net_rpc_join.c:net_rpc_join_ok(61)
  Error connecting to NETLOGON pipe. Error was
NT_STATUS_NO_TRUST_SAM_ACCOUNT
Unable to join domain MYDOMAIN.

Net join ads -U <AdminUserID> gives me the following error:
[2006/09/29 19:52:21, 0] param/loadparm.c:map_parameter(2647)
  Unknown parameter encountered: "winbind seperator"
[2006/09/29 19:52:21, 0] param/loadparm.c:lp_do_parameter(3398)
  Ignoring unknown parameter "winbind seperator"
<AdminUserID>'s password:
[2006/09/29 19:52:25, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Transport endpoint is not connected

Unable to find a suitable server

Unable to find a suitable server

Can someone help me out?

Navin J.

Disclaimer: Information transmitted by this e-mail is proprietary to
Adventity and/ or its Customers, intended for use only by the individual
or entity to which it is addressed, and may contain information that is
privileged, confidential or exempt from disclosure under applicable law.
If you are not the intended recipient or it appears that this mail has
been forwarded to you without proper authority, you are notified that
any use or dissemination of this information in any manner is strictly
prohibited. In such cases, please notify us immediately at
postmaster@adventity.com and delete this mail from your records.

________________________________________________________________________
____
This communication and any attachments are confidential and intended for
the sole use of the
intended recipient. Any form of copying or disclosure of this
communication to any third parties
without permission is prohibited. The contents of this communication
and its attachments are
not intended to be relied upon in law without subsequent written
confirmation. As such, Dunns
Stores (Pty) Ltd accept no responsibility or liability (including
negligence) for the consequences
of anyone acting, or not acting, on information contained therein.

If you have received this communication in error please notify us
immediately and destroy or
delete it.
________________________________________________________________________
____

Disclaimer: Information transmitted by this e-mail is proprietary to Adventity and/ or its Customers, intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please notify us immediately at postmaster@adventity.com and delete this mail from your records.

____________________________________________________________________________
This communication and any attachments are confidential and intended for the sole use of the
intended recipient. Any form of copying or disclosure of this communication to any third parties
without permission is prohibited. The contents of this communication and its attachments are
not intended to be relied upon in law without subsequent written confirmation. As such, Dunns
Stores (Pty) Ltd accept no responsibility or liability (including negligence) for the consequences
of anyone acting, or not acting, on information contained therein.

If you have received this communication in error please notify us immediately and destroy or
delete it.
____________________________________________________________________________
Received on Sun Oct 01 2006 - 23:48:48 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:04 MST