Search squid archive

RE: [squid-users] NT authentication without joining the domain

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Awsome!  Great info, thank you!  Incidentally, I set it up with LDAP
authentication just to see what would happen.  It seems to recognize
group membership under that scheme, but it always prompts me for a
password (with msnt_auth it doesn't do that BTW.  It just lets me
directly into the website.), and it shouldn't be doing that.  Any ideas
on how to stop that?

Thanks again!

> -----Original Message-----
> From: Serassio Guido [mailto:guido.serassio@xxxxxxxxxxxxxxxxx] 
> Sent: Tuesday, May 10, 2005 7:07 AM
> To: Discussion Lists; squid-users@xxxxxxxxxxxxxxx
> Subject: Re: [squid-users] NT authentication without joining 
> the domain
> 
> 
> Hi,
> 
> At 15.50 10/05/2005, Discussion Lists wrote:
> 
> >Hi All,
> >I am running into a curious problem that I was hoping you 
> all would be 
> >able to help me with.  I am troubleshooting a problem with a squid 
> >config where squid authenticates proxy users against active 
> directory 
> >using NT authentication (re: NOT LDAP) and that machine 
> isn't joined to 
> >the domain at all.  It doesn't work now, but they insist it did work.
> 
> This is correct, but with many limitations:
> - The AD domain must have "Pre-Windows 2000 Compatible Access" enabled
> - The AD domain policies must don't activate any security 
> policy regarding 
> traffic signing
> - You must use SMB NTLM authenticator or MSNT basic authenticator
> - You cannot check group membership
> - NTLMv2 cannot be supported
> 
> >Does anyone have docs on how to get squid to auth users 
> without being 
> >joined to the domain first?
> 
> See any docs about SMB and MSNT.
> 
> Regards
> 
> Guido
> 
> 
> 
> -
> ========================================================
> Guido Serassio
> Acme Consulting S.r.l. - Microsoft Certified Partner
> Via Lucia Savarino, 1           10098 - Rivoli (TO) - ITALY
> Tel. : +39.011.9530135  Fax. : +39.011.9781115
> Email: guido.serassio@xxxxxxxxxxxxxxxxx
> WWW: http://www.acmeconsulting.it/
> 
> 


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux