Re: [squid-users] RE: Windows 2003 Strangeness

From: Jerry Murdock <jmurdock@dont-contact.us>
Date: Sat, 11 Sep 2004 17:40:18 -0400

But just for the record....

None of the Windows policy changes should be necessary with properly
configured Samba3 w/AD/Kerberos and current squid.

I wouldn't want the impression that Squid requires lowering the security
settings (perceived or real) from the Windows defaults for Squid to take
root.

That alone could prevent squid from even being considered in some
environments.

Jerry

----- Original Message -----
From: "Charlie Grosvenor" <charlie.grosvenor@BellandClements.co.uk>
To: "Adam Aube" <aaube01@baker.edu>
Cc: <squid-users@squid-cache.org>; <davea@support.kcm.org>;
<newsgroupie@infomedia.com.au>
Sent: Friday, September 10, 2004 6:26 AM
Subject: RE: [squid-users] RE: Windows 2003 Strangeness

> Yep you are correct the syntax is wrong for the samba 3 ntlm_auth helper. I
> have just realized that I am still using the squid ntlm_auth helper, I did
> think I switched to the samba one, I know I set winbind up.
>
> Anyway the solution to my problem with windows 2003 was:
>
> "Change LOCAL machine security policy to:
>
> Microsoft Network Server: Digitally Sign Communications (Always) Enabled to DISABLED
> Network Security: LAN Manager Authentication Level (not configured) to Send LM & NTLM - User NTLMv2 If Negotiated"
>
> Thank you
>
> -----Original Message-----
> From: Adam Aube [mailto:aaube01@baker.edu]
> Sent: 10 September 2004 03:39
> To: squid-users@squid-cache.org
> Subject: [squid-users] RE: Windows 2003 Strangeness
>
> Charlie Grosvenor wrote:
>
> > Squid.conf:
> >
> > auth_param ntlm program /usr/bin/ntlm_auth domain/domaincontroller
> >
> > I am using the NTLM_AUTH binary that comes with samba v3.
>
> I'm amazed it works at all - that is the wrong syntax for the Samba 3
> ntlm_auth helper. The correct syntax is (all one line):
>
> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
>
> This is in the Authentication FAQ:
>
> http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5
>
> Adam
Received on Sat Sep 11 2004 - 15:40:26 MDT
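
The helper-syntax mix-up discussed in this thread can be caught by checking squid.conf before reaching for Windows policy changes. The following is an added example, not code from the thread or from the Squid or Samba projects: it reports which argument style each `auth_param ntlm program` line uses, so it can be compared with the helper binary actually installed. The function name and the style labels are hypothetical, and the sample configuration is constructed.

```python
import re

SAMBA3_FLAG = "--helper-protocol=squid-2.5-ntlmssp"    # flag quoted in the thread
DOMAIN_DC = re.compile(r"[^-/\\][^/\\]*[/\\][^/\\]+")   # e.g. domain/domaincontroller

def classify_ntlm_helper(conf_text):
    """Return (line_no, program, style) for every 'auth_param ntlm program' line.

    The style labels are names chosen for this example, not Squid terminology.
    """
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()           # strip comments, tokenize
        if parts[:3] != ["auth_param", "ntlm", "program"] or len(parts) < 4:
            continue
        program, args = parts[3], parts[4:]
        if not args:
            style = "no-arguments"      # e.g. the one-line directive pasted as two lines
        elif SAMBA3_FLAG in args:
            style = "samba3-helper-protocol"
        elif any(a.startswith("--helper-protocol") for a in args):
            style = "other-helper-protocol"
        elif any(DOMAIN_DC.fullmatch(a) for a in args):
            style = "domain/controller"  # positional form from the original squid.conf
        else:
            style = "unrecognized"
        findings.append((line_no, program, style))
    return findings

# Constructed sample squid.conf fragment (not taken from any real system)
SAMPLE_CONF = """\
# NTLM authentication
auth_param ntlm program /usr/bin/ntlm_auth domain/domaincontroller
auth_param ntlm children 5
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
"""

if __name__ == "__main__":
    for line_no, program, style in classify_ntlm_helper(SAMPLE_CONF):
        print(f"line {line_no}: {program} -> {style}")
```

A `no-arguments` result usually means the directive was copied from a wrapped e-mail and the flag ended up on its own line.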
