Hi, I'm setting up a squid proxy to auth against our 2003 ADS
I have ntlm working so it authenticates both transparently to the user and using domain\username login.
My Problem is getting squid to auth with just the username not requiring the domain\ part.
The docs say I need to have winbind use default domain = yes which I do. With the option set to yes I get proxyv4# wbinfo -u | grep test99 test99 without the option I get proxyv4# wbinfo -u | grep test99 AFCT\test99 What am I missing? I didn't configure anything for kerberos because of this line in the samba howto
With both MIT and Heimdal Kerberos, it is unnecessary to configure the /etc/krb5.conf, and it may be detrimental.
My system hasn't got a the krb5.conf at all and I wonder if the lack of said file is causing me to have to enter the AFCT\test99 format?
Cheers Steve FreeBSD 6.4-RELEASE-p5 AMD64 Squid Cache: Version 3.0.STABLE15 Samba Version 3.3.4 Windows 2003 ADS in what appears for be native mode. smb.conf [GLOBAL] workgroup = AFCT realm = afct.org.au Server String = AFC Proxy security = ads encrypt passwords = yes winbind use default domain = yes wins server = 10.1.1.5 Relevant lines in squid for ntlm auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm keep_alive on auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours
