[squid-users] NT with 2 groups defined for squid

From: Van Bossche Koen <[email protected]>
Date: Thu, 6 Dec 2001 10:22:02 +0100

Hi,
I have a question regarding authentication.
We have 2 group of users on NT: InternetUsersL (limited access -> some
sites) and InternetUsersF (full access).
Therefor I have 2 squidconfigurations installed on a box, one configured
with port 8081(=limited access) and the other using port 8080(=full access)
checking the correct groups on NT with using smb_auth.
However I would prefer every client using the same script in there browser
for automatic configuration.

So my question :
- is there a possibility to do this?
- does somebody use a better method for those 2 NT groups to authenticate?

An other question :
Since all of our clients are pointed to our proxy to run a script, won't the
request to the Intranet servers still appear as if it's originating from the
proxy?
Is it so that if a proxy exclusion exists for a client requestm the proxy
will forward the request on the destination, still replacing the originating
source address with its own. The difference is that it just doesn't force
the request to pass through the proxy engine.
If so, even with the exclusion list, the proxy would still have to allow
NTLM pass-through (NTLM authentication being used on webserver).

KR
./koen
Received on Thu Dec 06 2001 - 02:22:25 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:14 MST