Michael Mansour wrote:
Hi,
I have Squid authenticating AD domain accounts (via it's LDAP helper)
to an AD backend, if the user is part of an allowed "Internet Users"
group they get internet access, if they don't authenticate or aren't
part of the "Internet Users" group they don't get internet access.
What I'm after is a way to get rid of the "pop up" authentication
Window when the browser starts and uses the Squid proxy server.
The Windows workstations that access Squid are all part of an AD
domain and the users that login to those workstations login with
their valid AD accounts.
I've tested various solutions from Web searches for NTLM pass-thru,
where for example, Firefox has "about:config" and ntlm settings you
can set in there, and for IE adding URL's to the Intranet zone, but
they don't work. I keep having Squid prompt for a username and
password.
Are the browsers using NTLM or Kerberos? it makes a difference if Squid
is only configured for one.
You have a bit of a problem if you want to stop the startup popup. It
usually only occurs when the browser has no working login credentials to
pass the proxy.
You can stop Squid from requesting login details from the browser, but
if the browser does not know to send them you are in an even worse mess
then.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE24
Current Beta Squid 3.1.0.16
