On Thu, Mar 27, 2008 at 7:20 PM, Philip Kloppers <philip@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> I have an OpenSuse 10.2 box that runs Samba / OpenLDAP as a PDC, as well as
> Squid with delay pools to limit bandwidth dependent upon user, group, time
> of day and machine. I have managed to get everything working and
> authenticating correctly using smb_ldap_auth and smb_ldap_group. However, I
> would like to get the clients to authenticate transparently using the domain
> credentials from the initial domain logon, and not having to re-authenticate
> every time they open the browser.
>
> The clients (mostly XP with a few FreeNX terminals on various Linux
> flavours) are all set up to use the proxy, and then iptables rules blocking
> users from bypassing the proxy, so I am not transparently intercepting web
> traffic, as I understand that authentication cannot be used with a
> transparent proxy.
>
> Is single sign-on a possibility without using an M$ PDC? All the searching
> seems to point to using ntlm_auth for this sort of thing.
> PS: I have tried using ntlm_auth to authenticate against the Samba server...
> the users are able to authenticate correctly, but still need to re-enter
> their credentials every time they open their browsers.

Samba should be more than adequate in filling in the PDC role in this scenario.
Can you paste the relevant sections of your squid conf?

--
/kinkie