Awsome! Great info, thank you! Incidentally, I set it up with LDAP authentication just to see what would happen. It seems to recognize group membership under that scheme, but it always prompts me for a password (with msnt_auth it doesn't do that BTW. It just lets me directly into the website.), and it shouldn't be doing that. Any ideas on how to stop that? Thanks again! > -----Original Message----- > From: Serassio Guido [mailto:guido.serassio@xxxxxxxxxxxxxxxxx] > Sent: Tuesday, May 10, 2005 7:07 AM > To: Discussion Lists; squid-users@xxxxxxxxxxxxxxx > Subject: Re: [squid-users] NT authentication without joining > the domain > > > Hi, > > At 15.50 10/05/2005, Discussion Lists wrote: > > >Hi All, > >I am running into a curious problem that I was hoping you > all would be > >able to help me with. I am troubleshooting a problem with a squid > >config where squid authenticates proxy users against active > directory > >using NT authentication (re: NOT LDAP) and that machine > isn't joined to > >the domain at all. It doesn't work now, but they insist it did work. > > This is correct, but with many limitations: > - The AD domain must have "Pre-Windows 2000 Compatible Access" enabled > - The AD domain policies must don't activate any security > policy regarding > traffic signing > - You must use SMB NTLM authenticator or MSNT basic authenticator > - You cannot check group membership > - NTLMv2 cannot be supported > > >Does anyone have docs on how to get squid to auth users > without being > >joined to the domain first? > > See any docs about SMB and MSNT. > > Regards > > Guido > > > > - > ======================================================== > Guido Serassio > Acme Consulting S.r.l. - Microsoft Certified Partner > Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY > Tel. : +39.011.9530135 Fax. : +39.011.9781115 > Email: guido.serassio@xxxxxxxxxxxxxxxxx > WWW: http://www.acmeconsulting.it/ > >
