mån 2006-02-27 klockan 10:16 -0500 skrev Meyerovich Aleksandr EB_NY: > I'd used NTLM authentication before switching to the LDAP. NTLM is a > legacy authentication protocol. Our forest/domain is now all > 2003/XP/2000. Eventually I'd like to disable the NTLM. It would be good > if squid 3.0 can support Kerberos bind to MS LDAP. One Problem is that most client's cant do Kerberos to a proxy. But it seems MSIE7 will finally suppot this. Another problem is that Samba is not entirely up to speed to support Kerberos authenitcation. But the technology preview of Samba-4 should work.. A third smaller problem is that Squid-2.5 does not support Kerberos authentication either. Patch available from devel.squid-cache.org or wait for Squid-3.0. But for all practical purposes NTLMv2 works.. just not as efficient or reliable. But for 2.5 you need to remember to enable the use of the negotiate packet in your squid.conf.. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
