plut0 Apprentice
Joined: 21 Dec 2004 Posts: 272
|
Posted: Thu Feb 08, 2007 2:00 pm Post subject: |
|
|
Found my answer, sufficient is the key word:
/etc/pam.d/squid:
Code: | auth sufficient /lib/security/pam_unix.so shadow nullok
account sufficient /lib/security/pam_unix.so
auth sufficient /lib/security/pam_stack.so service=system-auth-winbind
account sufficient /lib/security/pam_stack.so service=system-auth-winbind |
/etc/squid/squid.conf
Code: | auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20
auth_param ntlm keep_alive on
auth_param basic program /usr/libexec/squid/pam_auth
auth_param basic realm Local Authentication
auth_param basic children 5
auth_param basic credentialsttl 2 hours |
So users on the domain auth against ntlm_auth and users not on the domain auth against pam_auth. This works on firefox, the first popup prompt is for Active Directory, if you hit cancel the second prompt comes up for local authentication. I can login on the domain or locally in firefox, no problems. With Internet Explorer however, I only get the first prompt and I am unable to login locally. This is going to be a big problem. Anyone have any thoughts or suggestions? |
|