RE: [squid-users] SOS with squid_ldap_auth !!

From: Meyerovich Aleksandr EB_NY <[email protected]>
Date: Mon, 27 Feb 2006 10:16:55 -0500

I'd used NTLM authentication before switching to the LDAP. NTLM is a
legacy authentication protocol. Our forest/domain is now all
2003/XP/2000. Eventually I'd like to disable the NTLM. It would be good
if squid 3.0 can support Kerberos bind to MS LDAP.

Thanks a lot,
Alex

-----Original Message-----
From: Kinkie [mailto:kinkie-squid@kinkie.it]
Sent: Thursday, February 16, 2006 6:37 PM
To: Meyerovich Aleksandr EB_NY
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] SOS with squid_ldap_auth !!
Importance: Low

On Thu, 2006-02-16 at 15:14 -0500, Meyerovich Aleksandr EB_NY wrote:
> At last I got squid_ldap_auth with squid_ldap_group to authenticate
> and authorize against the MSAD.
> Thanks a lot for tips.
>
> What I ultimately would like to have is a situation when it only takes

> to match the group membership to get access to the Internet, and NO
> authentication is required. The userId accessing the Internet should
> be still recorded in the access.log
>
> Any suggestions on this?

You can do this if you use one of Microsoft's proprietary authentication
protocols, NTLM and AUTHENTICATE/GSSAPI/KERBEROS. Both will supported in
squid-3, only the former is available in squid-2.

See
http://squidwiki.kinkie.it/SquidFaq/ProxyAuthentication
http://squidwiki.kinkie.it/NTLMIssues
http://squidwiki.kinkie.it/NegotiateAuthentication

--
Kinkie <kinkie-squid@kinkie.it>
Received on Mon Feb 27 2006 - 08:32:38 MST

This archive was generated by hypermail pre-2.1.9 : Wed Mar 01 2006 - 12:00:04 MST