[squid-users] winbind interface

Alex Samad alex at samad.com.au
Wed Sep 2 07:10:10 UTC 2015


# #######
# Negotiate
# #######

# http://wiki.squid-cache.org/Features/Authentication
# http://wiki.squid-cache.org/Features/NegotiateAuthentication
auth_param negotiate program /usr/bin/ntlm_auth --helper-protocol=gss-spnego --configfile /etc/samba/smb.conf-squid
auth_param negotiate children 10 startup=0 idle=1
auth_param negotiate keep_alive on

# #######
# NTLM AUTH
# #######

# ntlm auth
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --configfile /etc/samba/smb.conf-squid
auth_param ntlm children 10
#auth_param ntlm children 10 startup=0 idle=1
#auth_param ntlm keep_alive

# #######
# NTLM over basic
# #######

# warning: basic authentication sends passwords plaintext
# a network sniffer can and will discover passwords
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --configfile /etc/samba/smb.conf-squid
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

On 2 September 2015 at 11:15, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 2/09/2015 11:50 a.m., Alex Samad wrote:
>> Hi
>>
>> I have squid set up to use
>> NTLM and then fall back to basic.
>>
>> when it fails back to basic, my user put in
>>
>> firstname.surname at a.b.c which fails.
>>
>> if they put in firstname.surname it works
>>
>> is there some way to get squid to strip off the @<.*>
>
> That depends on which helper you are using to validate the Basic auth
> credentials. The ones which support it do so via a command line
> parameter. So check our helpers documentation to see if one exists to
> strip Kerberos/NTLM/Domain.
>
> Otherwise you can always script a helper for yourself.
>
>>
>> also is there some way to change the info in the dialogue box that pops up
>
> The only controllable part of the popup dialog is the Realm value. Set
> by the auth_param directive's "realm" parameter.
>
> IIRC the realm is usually turned into the title bar, though some
> browsers show it in quotes in the text. The form and display of the
> popup is fixed and not manipulatable by any external server for security
> reasons that should be obvious.
>
> Amos
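The "script a helper for yourself" option from the reply above, sketched as an added example (not code from the thread or from the Squid or Samba projects): a wrapper that removes the "@realm" suffix from the Basic login and passes the request on to the ntlm_auth command already used in the posted config. Assumptions: the wrapper is installed at a path of your choosing and named in "auth_param basic program", the helper runs without concurrency channel IDs, "a.b.c" is the only realm accepted, and ntlm_auth in squid-2.5-basic mode reads URL-escaped "user password" lines.

```python
#!/usr/bin/env python3
"""Squid Basic-auth helper wrapper: strip "@realm" from the login, then ask ntlm_auth."""
import subprocess
import sys
from urllib.parse import quote, unquote

# Assumption: only this realm (the one from the thread) may be stripped. Stripping any
# realm would let user@other.domain authenticate as the local "user".
ALLOWED_REALMS = {"a.b.c"}
# Backend command copied from the Basic section of the posted squid.conf.
BACKEND = ["/usr/bin/ntlm_auth", "--helper-protocol=squid-2.5-basic",
           "--configfile", "/etc/samba/smb.conf-squid"]


def rewrite_request(line):
    """Return the "user password" line to forward, or None to reject with ERR."""
    user_enc, sep, password_enc = line.rstrip("\r\n").partition(" ")
    if not sep or not user_enc:
        return None                      # malformed request: no password field
    user = unquote(user_enc)             # Squid URL-escapes both fields
    name, at, realm = user.rpartition("@")
    if at:
        if not name or realm.lower() not in ALLOWED_REALMS:
            return None                  # unknown realm or empty login
        user = name
    # The password field is passed through untouched and never logged.
    return quote(user, safe="") + " " + password_enc


def serve(stdin=sys.stdin, stdout=sys.stdout):
    """Answer one OK/ERR line per request line (no concurrency channel IDs)."""
    backend = subprocess.Popen(BACKEND, stdin=subprocess.PIPE,
                               stdout=subprocess.PIPE, text=True, bufsize=1)
    for line in stdin:
        request = rewrite_request(line)
        if request is None:
            reply = "ERR\n"
        else:
            backend.stdin.write(request + "\n")
            backend.stdin.flush()
            reply = backend.stdout.readline() or "ERR\n"
        stdout.write(reply)
        stdout.flush()


if __name__ == "__main__":
    serve()
```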