Search squid archive

Re: User Auth without login prompt ( NTLM / LDAP )

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On Mon, 5 Sep 2005, Martin Daemen wrote:

I had hope, if I use for example fakeauth, squid could take the well known username and pass these information on simply way to ldap_group or something like this. But I found no working setup. Or exist no other possibility to authenticate user without login prompt than via NTLM ?

NTLM is the only method whereby the browser automatically logs in to the proxy using the same login details as used for logging in to the Windows workstation.

fakeauth is a NTLM verifier, accepting any login as valid.

The other authentication schemes only provides automatic login via the "Save this login" function in your browser login box.

And if this like that, is there any change for squid not to get member
of the domain?

The SMB ntlm helper (Squid ntlm_auth) allows you to query any Windows file server who is member of the domain to verify the login. But it requires the proxy to be allowed to reach the SMB port on some Windows server in the domain.

My 2nd large problem is the sequence of the acces lists. Is it possible to configure the acces lists in such a way, that if the user tested without login prompt, is not member of the first group, the login prompt appears and the username insert by the user is tested against the 2nd AD group?

Not easily, as the user automatically gets logged in in the first place.

This is possible only if the actual user is not member of any of the groups, forcing him to log in as some other user (in his browser) to access the web.

Regards
Henrik

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux