[squid-users] Squid, Samba3 and winbind with NTLM authentication

From: samer khalil <[email protected]>
Date: Fri, 26 Oct 2007 13:31:29 +0300

I am using Squid, Samba3 and winbind with NTLM authentication with a
proper configuration for samba, krb5.conf and squid.conf as follows:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

The solution works great for computers that are joined to the Active
Directory domain; however, I have a couple of questions regarding
clients that are NOT joined:

1- A NON-joined client using IE will have to log on using
realm/username and passwd. Is there a way to make him authenticate
with only his username and passwd?
NB: It works fine with other browsers such as Firefox.

2- If you use IE with this NTLM auth (on a NON-joined PC) and select
the 'save password' checkbox, the password gets stored in the registry
as if it was for a network location. To delete the record you will
have to run
"rundll32.exe keymgr.dll, KRShowKeyMgr"
This is causing real problems for users. Have you encountered this, and
were you able to figure a way out?

Thanks again,
Samerk
Received on Fri Oct 26 2007 - 04:31:35 MDT
