Hi, After spending some time looking at the ntlm auth from squid, because it didn’t do exactly what I wanted I wrote a perl program this way I could make it check the AD using ntlm_auth to see if a user existed and was a member of a group, then check to see if the user was in a specific database this way my normal users could exist in the AD and my tempory short term users (some students) could exist in a postgres database. Then rather than point squid.conf to the ntlm_auth I point it to my perl app. It works well and means I can do other fancy things with authentication in the future. Hope that helps get you where your going Paul ---------------------------------------------------------------------------- -------- flandercan.co.uk Paul Flanders paul@xxxxxxxxxxxxxxxx http://www.flandercan.co.uk ---------------------------------------------------------------------------- -------- -----Original Message----- From: Mark Elsen [mailto:mark.elsen@xxxxxxxxx] Sent: 30 November 2005 18:21 To: Andre Fernando Goldacker Cc: squid-users@xxxxxxxxxxxxxxx Subject: Re: Squid + ntlm authentication with not trusted domains > Hi, > > My squid is running with ntlm authentication against MS AD 2k. Is there a way to configure squid using ntlm to authenticate users that aren't members of my current domain and neither members of a trusted domain? I have a mixed MS AD/NT4 environment with some NT4 domains on a WAN. Also, sometimes I have users that come with notebooks and I don't want them to join my domain or change their workgroup, but they need to go through the proxy. My goal is to get rid of MS Proxy 2.0 which I'm currently using and does this job, and squid always asks for username and password for that kind of users which have to inform my domain\username and pass to go through, I want to know if squid can also like MS Proxy "forget" the domain part and authenticate them as if they were part of the domain. > Any help will be very much appreciated, > Put them in a reserved ip address range; and let these addresses use the proxy without authentication. M. -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.362 / Virus Database: 267.13.10/189 - Release Date: 30/11/2005 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.362 / Virus Database: 267.13.10/189 - Release Date: 30/11/2005
