I managed to get a Suse 10.2 server installed with Squid and Dansguardian fully operational
Has anyone found a good method for automatically authenticating logged in domain users?
I want the users to login to the Windows domain (with XP Pro), like they currently do and for Dansguardian (or Squid) to silently and automatically retrieve their username, so I can better track user internet activity.
Thanks for any ideas.
If you add the Linux Server to the Windows domain as a Domain member (you need to configure Kerberos, Samba and Winbind for this) you can use the ntlm_auth Squid authentication helper to make this work. However this only works for clients with IE or Firefox. It's best to configure the basic_auth too for fallback.
Thank you.
I found in Suse 10.2's Yast control panel there is an option for Windows Domain Membership and Samba server. When I clicked on Domain membership, it downloaded files for samba and winbind. (I don't remember about Kerberos, I don't think it downloaded anything). I entered my domain name in Windows Domain Membership. Do I need to do anything else?
(Right now, the linux pc is at my house, and not connected to the school network. I will connect it to the network when get everything mostly ready to go, so I hopefully only have small config changes to do).
Anyway, is anyone familiar with this step? I'll admit, I am very new to linux, and still have a lot to learn. Thanks!
You need to verify what sort of membership it's decided to use. Open up /etc/samba/smb.conf in a text editor. You absolutely must use 'security = ADS'. If Yast has decided to do something else, you'll have to ignore it and configure samba and friends manually.
It does not even list a security line. I'm guessing this means I need to manually configure it?
yes
I did some clicking around today and it turns out I had forgotten to actually join the domain. smb.conf now lists security = ADS. The linux machine is also now listed in Active Directory.Originally Posted by Geoff
Any tips on next steps, or additional tests I need to run?
Check winbind is installed and works. You do this by running the 'wbinfo -t' command.
OK. Below is the response after I ran the command.
Code:checking the trust secret via RPC calls succeeded
Looks good. You can continue by configuring squid. Once squid is working, configure NTLM and basic authentication in squid. Then you can move on to dansguardian.
On one of the Squid documentation pages I just found, it recommended testing the NTLM authentication. I tried this and got an error message and was wondering if you have any ideas what might be wrong (if anything).
It said to enterat the console. I did this, and then it prompts for the password, like the documentation says.Code:/usr/bin/ntlm_auth --username=[username]
However, the documentation says it should then say NT_STATUS_OK, and if not, to recheck your config (nothing more specific, though). It actually says NT_STATUS_NO_SUCH_USER on an account that is part of the domain (the admin account).
Thanks for any ideas. I GREATLY appreciate it and am learning a lot about linux.
try specifying the domain name too.
OK. I tried entering the username (the second one on the command) as DOMAIN\administrator (with domain the actual domain name, of course) and got the same error message.
Something else interesting, I noticed on the logon screen there is an option to logon to Suse with your Windows domain username/password. I tried this, it started to login, then said
and then goes back to the login screen.Code:could not start kstartupconfig. Check your installation.
Could this be related?
You misunderstand.
Code:/usr/bin/ntlm_auth --username=USERNAME --domain=DOMAIN
Sorry about that.
Trying that revised code worked perfectly.
It now saysCode:NT_STATUS_OK: Success (0x0)
Thanks! I'll try to configure Squid later today.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote