My active directory schema is already updated to win 2003 server -----Messaggio originale----- Da: Bucci, David G [mailto:david.g.bucci@xxxxxxxx] Inviato: Wednesday, September 29, 2010 4:21 PM A: Riccardo Castellani; squid-users@xxxxxxxxxxxxxxx Oggetto: RE: EXTERNAL: Active directory with Squid I don't know all of the details of accomplishing this with Squid, but if you're running Squid on a non-Windows server, one "gotcha" to be aware of is that you will (probably) need the updated Active Directory schemas on your W2K AD server ... you have to step up to at least Windows Server 2003 SP2's schema (though at this point, might as well update to the W2008 version). NOT saying you have to upgrade the OS itself -- but your AD schema needs the fields in it that are used to store Unix/Linux metadata (per RFC 2307. Which was clarified in ... 4718, I think?). Again, I haven't done this with Squid (which probably relies on the Samba libs under the covers to integrate with AD), only Quest/Vintella and Likewise ... and I'm not 100% sure the Samba libs make use of the 2307-defined attributes, like Quest and Likewise do ... but it's something to watch for. -----Original Message----- From: Riccardo Castellani [mailto:r.castellani@xxxxxxxxxxxxxxx] Sent: Wednesday, September 29, 2010 9:13 AM To: squid-users@xxxxxxxxxxxxxxx Subject: EXTERNAL: Active directory with Squid I need to authenticate squid users by Active Directory. My Microsoft domain is "inside.it" into internal network (every pc name is according to "clientname.inside.it") and AD domain controllers have Win 2000 server as os. On my external network (dmz) I have another domain that is "external.it"; it's not MS domain and it's used to introduce me on Internet about emails and web services. E.g. : my email address: Riccardo.external.it my company www site: www.external.it My dns is Bind9 and in my company it's available only for Squid (to solve sitenames) infact my clients were not able to query to it. My Squid version is 2.7 Stable3 and it stays on the same server where there is Bind. Can keep these 2 domains as divided and independent for integrating Squid authentication to Active Directory ? I read that, for creating this system, I have to insert my squid into domain by SAMBA packet but my purpose is keeping same behaviour and environment. Riccardo