On tis, 2008-10-21 at 19:57 -0500, Lou Lohman wrote: > I have been poking around the Internet and mailing lists and anything > else I can think of, for DAYS, to try to answer what I thought would > be a simple question, "How can I configure Squid so that my authorized > Windows users (Members of the proper security group in AD who are > logged into the network) don't have to answer a challenge to get out > to the Internet?" This consists of three pieces. 1. Configuring the clients to use the proxy, using a server name which MSIE secururity classifies as "Local LAN/Intranet". Usually a "short" server name without domain works, but Windows people can answer this better than me. 2. Configuring the proxy with ntlm (and perhaps negotiate) authentication scheme support. Using Samba ntlm_auth as helper is recommended. 3. Limiting access to the given group. Can be done in two ways, either restrict ntlm_auth to only accept members of the given group, or lookup the group membership using wbinfo_group. Regards Henrik
Attachment:
signature.asc
Description: This is a digitally signed message part
