LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Red Hat
User Name
Password
Red Hat This forum is for the discussion of Red Hat Linux.

Notices

Reply
 
Search this Thread
Old 10-21-2004, 08:18 AM   #1
BuRnInICE
LQ Newbie
 
Registered: Aug 2003
Distribution: RedHat 7.3
Posts: 6

Rep: Reputation: 0
Squid Authentication to Active Directory


Dear Penguins,

Is it possible to have a RedHat 9 Squid box that can authenticate it's user/password combination to Active directory without asking for user input?

At the moment I've successfully got Squid popping up the login box for
Realm
Username
Password

Is it possible for linux to check what user is currently logged onto our AD domain on that machine and authenticate them?

Also because we occasionaly need to ban internet usage for students (I work at a school) can a file be edited to disable internet usage, just like denyusers in msntauth.

Or am I dreaming?
 
Old 12-21-2009, 08:53 AM   #2
thebomb
LQ Newbie
 
Registered: Dec 2009
Location: Johannesburg
Distribution: Centos 5.4
Posts: 7

Rep: Reputation: 0
Hello BuRnInICE

Yes this is possible.

make sure that winbind and smb is installed.

yum install smb - should do the tick. also you need some other rpms installed too:

yum install krb5-libs krb5-devel krb5-workstation krb5-server pam_krb5

run this command:

authconfig --enableshadow --enablemd5 --passalgo=md5 --krb5kdc=example.com --krb5realm=EXAMPLE.COM --smbservers=example.com --smbworkgroup=EXAMPLE.COM --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=EXAMPLE.COM --smbidmapuid="16777216-33554431" --smbidmapgid="16777216-33554431" --winbindseparator="+" --winbindtemplateshell="/bin/false" --enablewinbindusedefaultdomain --disablewinbindoffline --winbindjoin=Administrator --disablewins --disablecache --enablelocauthorize --updateall

This should ask you for a password, and when done should join the domain.

if there is any errors please post them will try and help where I can.

in your squid.conf:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param ntlm keep_alive on

acl AuthorizedUsers proxy_auth REQUIRED
http_access allow AuthorizedUsers

Add those lines under "INSERT YOUR OWN RULES HERE"

restart squid

I got this working on Centos 5, I dont know about Redhat 9.

Hope this helps.
 
Old 06-03-2011, 05:55 AM   #3
Fresherman
LQ Newbie
 
Registered: Jun 2011
Posts: 1

Rep: Reputation: Disabled
Smile Dear Thebomb

When I typed the correct domain password, it still has the error as below:

[root@proxy tmp]# authconfig --enableshadow --enablemd5 --passalgo=md5 --krb5kdc=yourworld.com --krb5realm=yourworld.com --smbservers=yourworld.com --smbworkgroup=yourworld.com --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=yourworld.com --smbidmapuid="16777216-33554431" --smbidmapgid="16777216-33554431" --winbindseparator="+" --winbindtemplateshell="/bin/false" --enablewinbindusedefaultdomain --disablewinbindoffline --winbindjoin=administrator --disablewins --disablecache --enablelocauthorize --updateall
[/usr/bin/net join -w yourworld.com -S yourworld.com -U administrator]
administrator's password:
[2011/06/03 23:49:45, 0] libads/kerberos.c:ads_kinit_password(228)
kerberos_kinit_password administrator@YOURWORLD.COM failed: Preauthentication
failed
Failed to join domain: Logon failure
ADS join did not work, falling back to RPC...
Could not connect to server yourworld.com
The username or password was not correct.
Could not connect to server yourworld.com
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

Shutting down Winbind services: [ OK ]
Starting Winbind services: [ OK ]

Please help to advise.
Kind regard,
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Active Directory Authentication zenix Suse/Novell 29 03-22-2007 11:00 AM
Active Directory authentication? cwhitmore Mandriva 3 03-09-2005 12:25 PM
active directory authentication mozilla Linux - Networking 2 02-21-2005 05:55 AM
Squid Authentication Active Directory BuRnInICE Linux - Networking 1 10-27-2004 09:02 AM
Squid authentication using Active Directory Groups will not work kepler Linux - Networking 1 05-25-2004 01:54 PM


All times are GMT -5. The time now is 01:33 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration