Hi, I cannot get ntlm authentication working with IE... W2k client logged into a NT domain. Squid version 2.5.STABLE2-20030320 on a RH 8.0 box.
wbinfo -a DOMAIN\\user%pass shows: plaintext password authentication succeeded challenge/response password authentication succeeded # squid -v Squid Cache: Version 2.5.STABLE2-20030320 configure options: --host=i686-pc-linux-gnu --build=i686-pc-linux-gnu --target=i386-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --exec_prefix=/usr --bindir=/usr/sbin --libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid --datadir=/usr/share/squid --enable-poll --enable-snmp --enable-removal-policies=heap,lru --enable-storeio=aufs,coss,diskd,ufs,null --enable-delay-pools --enable-linux-netfilter --with-pthreads --enable-ssl --enable-arp-acl --enable-external-acl-helpers=ip_user,ldap_group,unix_group,winbind_grou p,wbinfo_group --enable-auth=basic,ntlm --enable-ntlm-auth-helpers=winbind --enable-digest-auth-helpers=password --enable-basic-auth-helpers=winbind The above is a bit bloated, but this was based on an RPM and I plan to whittle the ./configure down after I get ntlm working. my squid.conf minus comments: hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic program /usr/lib/squid/wb_auth auth_param ntlm program /usr/lib/squid/wb_ntlmauth auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl CONNECT method CONNECT acl AuthorizedUsers proxy_auth REQUIRED http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow all AuthorizedUsers http_access deny all http_reply_access allow all icp_access allow all cache_mgr ([EMAIL PROTECTED]) coredump_dir /usr/local/squid/var/cache Whenever I try to connect, IE falls back to basic authentication, which does work (DOMAIN\USER)... but I need ntlm working. The w2k client is logged into the domain. Does anybody see anything glaring in squid.conf or maybe the configure options? Thanks, ~ Daniel ----------------------------------------------------------------------- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you.
