Leonardo Rodrigues <leolistas@xxxxxxxxxxxxxx> wrote on 2011-04-15 22:25: > if your users have already logged in on your AD network, you can > have squid configured to use those authentication credentials for > logging and filtering web access *WITHOUT* asking again for > username/password. Which auth scheme should I use in this case? Is it negotiate? Must I configure each browser to work with this scheme? > squid has several authentication methods, not all of them does this > 'transparent' authentication. The most basic squid authentication > method, 'basic' one, doesnt that. 'basic' authentication will ALWAYS > give you an authentication popup. To acchieve the transparent > authentication, you'll have to use probably ntlm, digest or negotiate > authentication methods. Using these authentications methods *AFTER* > having your linux box joined your AD network correctly, you can have the That is still unclear for me. Do you want to say I would need the right order to join and then no extra question about "user/password" popup in the browser? > transparent authentication working. Users will open browser, no > authentication window will pop up and, and even then, username will be > logged on squid logs and can be used for filtering purposes. Which squid scheme is the right for this behaviour? > Google for 'squid ntlm_auth' or 'squid squid_kerb_auth' for plenty > of documentation on how to configure and use these authentication > methods. Google as well for documentation on joining your linux box onto > your AD network, this will be needed for those authentication methods to > work. If I understand right a simple authentication with user login data is only supported with the cleartext password method of "identd", right?. Or use AD with kerberos (squid_kerb_auth) or an unspecified method with NT (WinXP...Win7) (squid_ntlm_auth). But that is no solution in only-linux networks! Does your answer also blend to OpenLDAP? This could be a solution for the linux world, right? --- Have a nice day. Joachim (Germany)
