Re: [SQU] NTLM Error

From: Craig Fels <[email protected]>
Date: Wed, 21 Feb 2001 13:36:47 -0600

> I just downloaded the new code today. Same code you are using. I am
using
> NTLMSSP as the helper. I have double checked the compile options. See I
> need to have true authentication working because not every user on our
> domain is allowed to have proxy access. Only users in certain groups are
> allowed to have it. So I need to check if they are in the correct group
> before they have proxy access. Right now we are using MS Proxy 2.0 and it
> works with NTLM, group permissions, and it is transparent to the user.
That
> is what I am trying to get out of squid so I can get rid of that NT box.
I
> fear I may end up coding something myself which should only take me a
couple
> years considering my experience ;-) In other words, I stink at coding so
I
> was hoping to beable to throw some things together to make this work.

As far as I know, Squid with NTLM support can NOT validate based on NT
groups (local or global). The only way, and I've mentioned this before, is
to use NT resource kit utilities like Local and Global on the particular
group (domain\proxyusers) and redirect the output to a text file. Have this
text file picked up by your proxy machine and have a proxy_auth acl look at
this file for its members. Then create the http_access allow statement for
that acl.

Should be pretty easy to implement, but a pain to support if you ever leave!
;-)

Have fun....

Craig

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Wed Feb 21 2001 - 12:39:33 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:07 MST