I have an OpenSuse 10.2 box that runs Samba / OpenLDAP as a PDC, as well as Squid with delay pools to limit bandwidth dependant upon user, group, time of day and machine. I have managed to get everything working and authenticating correctly using smb_ldap_auth and smb_ldap_group. However, I would like to get the clients to authenticate transparently using the domain credentials from the initial domain logon, and not having to re-authenticate every time they open the browser. The clients (mostly XP with a few FreeNX terminals on various Linux flavours) are all set up to use the proxy, and then iptables rules blocking users from bypassing the proxy, so I am not transparently intercepting web traffic, as I understand that authentication cannot be used with a transparent proxy. Is single sign-on a possibility without using an M$ PDC? All the searching seems to point to using ntlm_auth for this sort of thing. Philip PS: I have tried using ntlm_auth to authenticate against the Samba server... the users are able to authenticate correctly, but still need to re-enter their credentials every time they open their browsers.
