<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;">Hi All,</span><br>
</div>
<div id="signature">
<div dir="ltr">
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Recently, I tried to configure a squid (4.5 on CentOS 7) proxy service with Microsoft Windows 2012 Active Directory authentication, but got a problem with "--require-membership-of" option.</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="font-family:Calibri,Helvetica,sans-serif; background-color:rgb(255,255,255); display:inline!important">----------------------------------------------------------------------------------------------</span><br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
When I use "auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic" </div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Everything goes will, I can use my AD username and password to login and surf the internet by squid proxy services.</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
----------------------------------------------------------------------------------------------</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
But if I use <span style="color:rgb(0,0,0); font-family:Calibri,Helvetica,sans-serif; font-size:12pt">"</span><span style="color:rgb(0,0,0); font-family:Calibri,Helvetica,sans-serif; font-size:12pt">auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic </span><span style="color:rgb(0,0,0); font-family:Calibri,Helvetica,sans-serif; font-size:12pt">--require-membership-of='IBM\Domain
Users'</span><span style="color:rgb(0,0,0); font-family:Calibri,Helvetica,sans-serif; font-size:12pt">" </span></div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
OR <span style="color:rgb(0,0,0); font-family:Calibri,Helvetica,sans-serif; font-size:12pt">"</span><span style="color:rgb(0,0,0); font-family:Calibri,Helvetica,sans-serif; font-size:12pt">auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp </span><span style="color:rgb(0,0,0); font-family:Calibri,Helvetica,sans-serif; font-size:12pt">--require-membership-of='IBM\Domain
Users'</span><span style="color:rgb(0,0,0); font-family:Calibri,Helvetica,sans-serif; font-size:12pt">"</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Then always gets "1550654743.129 0 192.168.0.1 TCP_DENIED/407 4252 CONNECT www.youtube.com:443 - HIER_NONE/- text/html",</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Internet Explorer ask me to login again and again and again... I am sure I used correct domain, username and password, but everything is not work.</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="font-family:Calibri,Helvetica,sans-serif; background-color:rgb(255,255,255); display:inline!important">----------------------------------------------------------------------------------------------</span><br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
And I have tested run ntlm_auth directly, it looks successfully.</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
"<span>ntlm_auth --require-membership-of='IBM\Domain Users' --username=Administrators --password=123456<br>
</span><span>NT_STATUS_OK: The operation completed successfully. (0x0)</span>"</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="font-family:Calibri,Helvetica,sans-serif; background-color:rgb(255,255,255); display:inline!important">----------------------------------------------------------------------------------------------</span><br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
I have no idea what I have missed or made mistake, could someone can help.</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Thanks!</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div id="x_signature"><font color="#808080" face="Comic Sans MS" size="1" style="font-size:8pt">Best regards.</font><font color="#808080" face="Comic Sans MS" style=""><br>
</font><b><font color="#000000" face="Comic Sans MS" style=""><font style="">TOM</font></font></b><br>
</div>
</div>
</div>
</body>
</html>