Re: [squid-users] Squid Active directory, Samba and Kerberos

From: Logu <[email protected]>
Date: Sat, 18 Mar 2006 10:12:12 +0530

> One advantage of simple ldap authentication is that you do not need
> samba, winbind, etc, hassles. All you do is add a couple of lines to your
> squid.conf to use the ldap_auth helper to authenticate, and the
> squid_ldap_group helper if you want to test whether Active Directory user
> x is in Active Directory group y.
>
> A really nice guide is here:
> http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory
>
> I like ldap_auth for it's simplicity. I can have users access the proxy
> from Windows, Mac, Linux machines with no extra configuration. I simply
> create a user account for them in Active Directory for when their browser
> prompts them.
>> I want to authenticate squid proxy users against Active Directory
>> (win2k). Should I go for ntlm authentication or basic squid ldap
>> authentication. what are the advantages and disadvantages of both. I have
>> read the documents for ntlm authentication and came to know that it
>> requires samba, winbind and kerberos. Why do we need these packages to
>> communicate to the Active Directory. I have earlier configured pam_ntlm
>> authentication for telnet and other applications for which just a samba
>> server which will act as PDC or a workgroup. But why in this case it
>> requires samba ( and Kerberos) even though there is a domain controller
>> (win2k with AD).
>>

Thanks for your response D.R. I would like to know what role does kerberos
play when authencating with ntlm scheme. Is Active Directory a combination
of kerberos and ldap ?

-logu
Received on Fri Mar 17 2006 - 21:42:41 MST

This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:04 MST