One advantage of simple ldap authentication is that you do not need
samba, winbind, etc, hassles. All you do is add a couple of lines to
your squid.conf to use the ldap_auth helper to authenticate, and the
squid_ldap_group helper if you want to test whether Active Directory
user x is in Active Directory group y.
A really nice guide is here:
http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory
I like ldap_auth for it's simplicity. I can have users access the proxy
from Windows, Mac, Linux machines with no extra configuration. I simply
create a user account for them in Active Directory for when their
browser prompts them.
D.R.
----- Original Message -----
From: "Logu" <logsnaath@xxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Sent: Saturday, March 18, 2006 5:21 AM
Subject: Squid Active directory, Samba and Kerberos
Hi,
I want to authenticate squid proxy users against Active Directory
(win2k). Should I go for ntlm authentication or basic squid ldap
authentication. what are the advantages and disadvantages of both. I
have read the documents for ntlm authentication and came to know that
it requires samba, winbind and kerberos. Why do we need these packages
to communicate to the Active Directory. I have earlier configured
pam_ntlm authentication for telnet and other applications for which
just a samba server which will act as PDC or a workgroup. But why in
this case it requires samba ( and Kerberos) even though there is a
domain controller (win2k with AD).
Thanks
-logu
