Hello Ben,

Ensure that you are referencing the ntlm_auth that comes with Samba V3.

--Dave

On Mon, 2004-01-12 at 09:01, Ben Kelley wrote:
> Trying to get NTLM/seamless authentication working with IE in domain/AD
> environment. Have browser setup to use proxy.
>
> Basic authentication from a non-M$ machine/browser works fine to the
> domain.
> Basic authentication from a M$ machine with Netscape works fine to the
> domain.
> Any authentication from a M$ machine with a M$ browser fails.
>
> It appears that the NTLM between the client IE and Squid takes place due
> to seeing the username appearing in the logs (cache.log) as soon as IE is
> launched, but that authentication is never sent to the Domain Controllers
> (verified via tcpdump).
>
> TESTWKSN
> - WinXP
> - IE 6
> - Netscape 7.0
>
> Non M$ Workstation
> - Solaris 9
> - Netscape 7.0
>
> Proxy Server
> - FreeBSD 4.9
> - Samba 3.0.0,1 from ports
> - Squid 2.5_4 from ports
>
> -----------------------------------------------------------------------------------
> output of 'squid -v'
>
> Squid Cache: Version 2.5.STABLE3
> configure options: --bindir=/usr/local/sbin
> --sysconfdir=/usr/local/etc/squid --datadir=/usr/local/etc/squid
> --localstatedir=/usr/local/squid '--enable-storeio=ufs diskd null'
> '--enable-removal-policies=lru heap' --enable-auth=ntlm,basic
> '--enable-basic-auth-helpers=NCSA winbind'
> --enable-ntlm-auth-helpers=winbind
> '--enable-external-acl-helpers=wbinfo_group winbind_group' --enable-snmp
> --enable-delay-pools --enable-useragent-log --enable-referer-log
> --disable-ident-lookups --enable-underscores --prefix=/usr/local
> i386-portbld-freebsd4.9
>
> -----------------------------------------------------------------------------------
> CACHE.LOG
>
> Jan 9 16:10:05 cache02 [2004/01/09 16:10:05, 3]
> libsmb/ntlmssp.c:ntlmssp_server_auth(286)
> Jan 9 16:10:05 cache02 user=[TESTUSER1] domain=[TESTDOMAIN]
> workstation=[TESTWKSN] len1=24 len2=24
>
> -----------------------------------------------------------------------------------
> SQUID.CONF
>
> auth_param ntlm program /usr/local/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 20 minutes
>
> auth_param basic program /usr/local/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
>
> acl AuthorizedUsers proxy_auth REQUIRED
>
> http_access allow AuthorizedUsers
>
> -----------------------------------------------------------------------------------
> SMB.CONF
>
> security = ads
> password server = TESTADC0 TESTADC1
> encrypt passwords = yes
>
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
>
> winbind separator = "
> realm = TEST.COM
> winbind use default domain = yes
> workgroup = TESTDOMAIN
>
> domain master = no
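
One way to check which helper binary each auth scheme in squid.conf references, as the reply suggests. This is an added example, not code from the thread or from Squid/Samba. The path of the Samba 3 ntlm_auth is supplied by the administrator (an assumption), the expected --helper-protocol values are the ones in the quoted squid.conf, and /opt/example/libexec/ntlm_auth is a hypothetical path.

```python
# Added example, not from the thread. Compares paths as strings only; it does
# not resolve symlinks or execute the helper.
EXPECTED_PROTOCOL = {"ntlm": "squid-2.5-ntlmssp", "basic": "squid-2.5-basic"}

# Constructed sample: auth_param lines from the quoted squid.conf, with the
# mail-wrapped "program" lines rejoined.
QUOTED_CONF = """\
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
"""

# Constructed counter-example: hypothetical path to a different ntlm_auth binary.
OTHER_CONF = """\
auth_param ntlm program /opt/example/libexec/ntlm_auth   # hypothetical path
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
"""

def auth_helpers(conf_text):
    """Map each auth scheme to (helper path, --helper-protocol value or None)."""
    helpers = {}
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(words) < 4 or words[0] != "auth_param" or words[2] != "program":
            continue
        protocol = None
        for i, arg in enumerate(words[4:], start=4):
            if arg.startswith("--helper-protocol="):
                protocol = arg.split("=", 1)[1]
            elif arg == "--helper-protocol" and i + 1 < len(words):
                protocol = words[i + 1]
        helpers[words[1]] = (words[3], protocol)
    return helpers

def audit(conf_text, samba_ntlm_auth):
    """Return findings for schemes not using samba_ntlm_auth with the matching protocol."""
    findings = []
    for scheme, (path, protocol) in sorted(auth_helpers(conf_text).items()):
        if path != samba_ntlm_auth:
            findings.append(f"{scheme}: helper is {path}, not {samba_ntlm_auth}")
        want = EXPECTED_PROTOCOL.get(scheme)
        if want and protocol != want:
            findings.append(f"{scheme}: --helper-protocol is {protocol}, expected {want}")
    return findings

if __name__ == "__main__":
    for conf in (QUOTED_CONF, OTHER_CONF):
        print(audit(conf, "/usr/local/bin/ntlm_auth") or "helpers consistent")
```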
