I have tried your configuration... but I have the same problem.
squid version is 3.0.5
in attachment there is one of my tested squid.conf.
only IE7 is working properly
thanks in advance
nairb rotsak wrote:
Always forget to hit the 'reply to all' instead of the 'reply'.. sorry..
below is what I sent Chris:
Below is for w2k3 AD and Ubuntu 6.06.1:
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 15
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param ntlm use_ntlm_negotiate off
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl NTLMUsers proxy_auth REQUIRED
acl our_networks src 192.168.0.0/16
http_access allow all NTLMUsers
http_access allow our_networks
Here is our current setup (w2k8 and Ubuntu 8.04.1):
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 15
auth_param ntlm keep_alive on
acl our_networks src 192.168.0.0/16
acl NTLMUsers proxy_auth REQUIRED
external_acl_type ntgroup %LOGIN /usr/lib/squid/wbinfo_group.pl
acl NOINTERNET external ntgroup no-internet
http_access deny NOINTERNET
http_access allow all NTLMUsers
http_access allow our_networks
http_access allow localhost
We
have a group policy do the IE browser, but with Firefox, we have to set
it manually. Once it is set, there is no prompt... I use SARG to get
the results.. Been doing it for almost three years.. I would get
evangelical on people using iPrism/Barracuda/Websense.. but now I
figure I will just let them spend the money.. ;-)
- Original Message
From: Chris Nighswonger [EMAIL PROTECTED]
To: nairb rotsak [EMAIL PROTECTED]
Cc: matlor [EMAIL PROTECTED]; squid-users@squid-cache.org
Sent: Wednesday, October 29, 2008 9:31:32 AM
Subject: Re: [squid-users] SQUID + FIREFOX + ACTIVE DIRECTORY
On Wed, Oct 29, 2008 at 10:23 AM, nairb rotsak [EMAIL PROTECTED] wrote:
I am totally confused by this statement?.. as I have 300 people using
firefox right now.. using Ubuntu 6.06, Samba3, Squid2.. and not a single
one gets a user/pass prompt? I am not using it as a transparent proxy,
it is listed in firefox under proxy settings (8080 because it goes to DG
first.. but I have tested just Squid at 3128 and it works as well).. and
I haven't touched anything else in firefox
I'd be very interested in knowing what is different about your setup.
I have fought this problem for several years now.
- Original Message
From: Chris Nighswonger [EMAIL PROTECTED]
To: matlor [EMAIL PROTECTED]
Cc: squid-users@squid-cache.org
Sent: Wednesday, October 29, 2008 8:48:39 AM
Subject: Re: [squid-users] SQUID + FIREFOX + ACTIVE DIRECTORY
On Tue, Oct 28, 2008 at 6:18 AM, matlor [EMAIL PROTECTED] wrote:
I have configured squid with winbind integrated in the active directory
of a
windows 2003 domain.
If I browse internet trough IE 7 everething is ok, no user and password
prompted, because of the common login. While, if I open Firefox (2 or 3
version), it prompts for user and password.
One other note: While FF does support NTLM, it does not do transparent
auth as IE does. Hence the prompting for username/password.
Furthermore, due to M$ having a broken implementation of NTLM, FF will
at times repeatedly prompt ad infinitum. There is an open bug on this
at Mozilla, (https://bugzilla.mozilla.org/show_bug.cgi?id=318253) but
action on it is understandably slow. You can mess with FF's NTLM
related settings under 'about:config' to gain some respite. You can
also run a basic auth that authenticates against NTLM which for some
reason seems to avoid the multi-prompt issue. Something like:
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 2
auth_param basic realm somerealm
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
Regards,
Chris
http://www.nabble.com/file/p20247889/squid.conf squid.conf
--
View this message in context:
http://www.nabble.com/SQUID-%2B-FIREFOX-%2B-ACTIVE-DIRECTORY-tp20204501p20247889.html
Sent from the Squid - Users mailing list archive at Nabble.com.
