Henrik, I have tried LDAP authentication in the past and stop using it becouse of the passwords being sent in clear text. I read about TLS but then I would need my DC to be a CA and that is not feasible at the moment. So Im testing NTLMSSP now, but is not being very stable and also read that is not recommended for networks with more than 200 users. Is this the end of the road? Is there any other method Im missing to authenticate users against AD?Transparently? Thanks, On Tue, Nov 18, 2008 at 6:59 AM, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote: > On fre, 2008-11-14 at 10:31 -0600, Johnson, S wrote: > >> I just got the squid_ldap_auth working ok on my segment but when >> watching the protocol analyzer I see that the auth requests against the >> AD are coming in as clear text passwords. Is there anyway we can >> encrypt the ldap domain requests? > > By AD do you refer to Microsoft AD? In such case use NTLM authentication > instead of LDAP. > > You can also TLS encrypt the LDAP communication, but this does not > protect the credentials sent by browsers to Squid, just the > communication squid->LDAP. > > Regards > Henrik > > >
