I'd used NTLM authentication before switching to the LDAP. NTLM is a legacy authentication protocol. Our forest/domain is now all 2003/XP/2000. Eventually I'd like to disable the NTLM. It would be good if squid 3.0 can support Kerberos bind to MS LDAP.

Thanks a lot,
Alex

-----Original Message-----
From: Kinkie [mailto:kinkie-squid@xxxxxxxxx]
Sent: Thursday, February 16, 2006 6:37 PM
To: Meyerovich Aleksandr EB_NY
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: Re: SOS with squid_ldap_auth !!
Importance: Low

On Thu, 2006-02-16 at 15:14 -0500, Meyerovich Aleksandr EB_NY wrote:
> At last I got squid_ldap_auth with squid_ldap_group to authenticate
> and authorize against the MSAD.
> Thanks a lot for tips.
>
> What I ultimately would like to have is a situation when it only takes
> to match the group membership to get access to the Internet, and NO
> authentication is required. The userId accessing the Internet should
> be still recorded in the access.log
>
> Any suggestions on this?

You can do this if you use one of Microsoft's proprietary authentication protocols, NTLM and AUTHENTICATE/GSSAPI/KERBEROS. Both will be supported in squid-3, only the former is available in squid-2.

See
http://squidwiki.kinkie.it/SquidFaq/ProxyAuthentication
http://squidwiki.kinkie.it/NTLMIssues
http://squidwiki.kinkie.it/NegotiateAuthentication

--
Kinkie <kinkie-squid@xxxxxxxxx>