Dear Penguins,

Is it possible to have a RedHat 9 Squid box that can authenticate it's user/password combination to Active directory without asking for user input?

At the moment I've successfully got Squid popping up the login box for
Realm
Username
Password

Is it possible for linux to check what user is currently logged onto our AD domain on that machine and authenticate them?

Also because we occasionaly need to ban internet usage for students (I work at a school) can a file be edited to disable internet usage, just like denyusers in msntauth.

Or am I dreaming?

Hello BuRnInICE

Yes this is possible.

make sure that winbind and smb is installed.

yum install smb - should do the tick. also you need some other rpms installed too:

yum install krb5-libs krb5-devel krb5-workstation krb5-server pam_krb5

run this command:

authconfig --enableshadow --enablemd5 --passalgo=md5 --krb5kdc=example.com --krb5realm=EXAMPLE.COM --smbservers=example.com --smbworkgroup=EXAMPLE.COM --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=EXAMPLE.COM --smbidmapuid="16777216-33554431" --smbidmapgid="16777216-33554431" --winbindseparator="+" --winbindtemplateshell="/bin/false" --enablewinbindusedefaultdomain --disablewinbindoffline --winbindjoin=Administrator --disablewins --disablecache --enablelocauthorize --updateall

This should ask you for a password, and when done should join the domain.

if there is any errors please post them will try and help where I can.

in your squid.conf:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param ntlm keep_alive on

acl AuthorizedUsers proxy_auth REQUIRED
http_access allow AuthorizedUsers

Add those lines under "INSERT YOUR OWN RULES HERE"

restart squid

I got this working on Centos 5, I dont know about Redhat 9.

Hope this helps.

When I typed the correct domain password, it still has the error as below:

[root@proxy tmp]# authconfig --enableshadow --enablemd5 --passalgo=md5 --krb5kdc=yourworld.com --krb5realm=yourworld.com --smbservers=yourworld.com --smbworkgroup=yourworld.com --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=yourworld.com --smbidmapuid="16777216-33554431" --smbidmapgid="16777216-33554431" --winbindseparator="+" --winbindtemplateshell="/bin/false" --enablewinbindusedefaultdomain --disablewinbindoffline --winbindjoin=administrator --disablewins --disablecache --enablelocauthorize --updateall
[/usr/bin/net join -w yourworld.com -S yourworld.com -U administrator]
administrator's password:
[2011/06/03 23:49:45, 0] libads/kerberos.c:ads_kinit_password(228)
kerberos_kinit_password administrator@YOURWORLD.COM failed: Preauthentication
failed
Failed to join domain: Logon failure
ADS join did not work, falling back to RPC...
Could not connect to server yourworld.com
The username or password was not correct.
Could not connect to server yourworld.com
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

Shutting down Winbind services: [ OK ]
Starting Winbind services: [ OK ]

Please help to advise.
Kind regard,