One advantage of simple ldap authentication is that you do not need
samba, winbind, etc, hassles. All you do is add a couple of lines to your
squid.conf to use the ldap_auth helper to authenticate, and the
squid_ldap_group helper if you want to test whether Active Directory user
x is in Active Directory group y.
A really nice guide is here:
http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory
I like ldap_auth for it's simplicity. I can have users access the proxy
from Windows, Mac, Linux machines with no extra configuration. I simply
create a user account for them in Active Directory for when their browser
prompts them.
I want to authenticate squid proxy users against Active Directory
(win2k). Should I go for ntlm authentication or basic squid ldap
authentication. what are the advantages and disadvantages of both. I have
read the documents for ntlm authentication and came to know that it
requires samba, winbind and kerberos. Why do we need these packages to
communicate to the Active Directory. I have earlier configured pam_ntlm
authentication for telnet and other applications for which just a samba
server which will act as PDC or a workgroup. But why in this case it
requires samba ( and Kerberos) even though there is a domain controller
(win2k with AD).
Thanks for your response D.R. I would like to know what role does kerberos
play when authencating with ntlm scheme. Is Active Directory a combination
of kerberos and ldap ?
-logu
