You might try squid_kerb_auth which uses Negotiate/Kerberos instead of NTLM
or Negotiate/NTLM.
Markus
"Matias Chris" <lists@xxxxxxxxxxxxxxxxxx> wrote in message
news:524a49fb0811270930j266c85d0me36f232c4f04416d@xxxxxxxxxxxxxxxxx
Henrik,
I have tried LDAP authentication in the past and stop using it becouse
of the passwords being sent in clear text. I read about TLS but then I
would need my DC to be a CA and that is not feasible at the moment. So
Im testing NTLMSSP now, but is not being very stable and also read
that is not recommended for networks with more than 200 users.
Is this the end of the road? Is there any other method Im missing to
authenticate users against AD?Transparently?
Thanks,
On Tue, Nov 18, 2008 at 6:59 AM, Henrik Nordstrom
<henrik@xxxxxxxxxxxxxxxxxxx> wrote:
On fre, 2008-11-14 at 10:31 -0600, Johnson, S wrote:
I just got the squid_ldap_auth working ok on my segment but when
watching the protocol analyzer I see that the auth requests against the
AD are coming in as clear text passwords. Is there anyway we can
encrypt the ldap domain requests?
By AD do you refer to Microsoft AD? In such case use NTLM authentication
instead of LDAP.
You can also TLS encrypt the LDAP communication, but this does not
protect the credentials sent by browsers to Squid, just the
communication squid->LDAP.
Regards
Henrik
