On 31 January 2012 at 23:36, CyberSoul <cybersoul@xxxxxxx> wrote:
> Hi all,
> could anyone give any suggestion for realizing the following scheme:
>
> The user turns on the computer and, after the operating system boots,
> he enters login\password to authorize in the domain (Active Directory).
> After logon in AD, he does not enter any login\password to access the Internet.
> That is, he opens any site in the web browser and Squid doesn't ask him for login\password, but
> authorization of the user is still done, transparently.
>
> At this moment, the scheme is as follows:
> The user logs on in AD, opens a web browser, and Squid asks him for login\password. After checking
> whether the user is present in the AD base, entered the correct log\pass, and whether he belongs to
> a group with access to the Internet (with 'squid_ldap_auth' & 'squid_ldap_group'), the user can
> go to the Internet. When he closes the web browser and opens a web browser again, Squid asks him for log\pass
> again and the check is repeated.
>
> So, the question is: how to make the user enter log\pass only once (at logon in the domain) so that Squid
> will no longer ask him for log\pass, but authorization still takes place? Maybe there are some options with
> 'external_acl_type ... %LOGIN'? Or somewhere else...
>
>
>

Depending on the ugly bug release of Windows you are using (combination of server/client), you shall use NTLM2 or 1, or go for Kerberos.

LD
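The Kerberos or NTLM approach named in the reply, combined with the `%LOGIN` group check from the question, sketched as an added squid.conf example that is not part of the thread. Helper paths, the realm, host names, the bind account and the group name `InternetAccess` are placeholders, and helper names and options vary between Squid releases, so check them against the installed helpers.

```conf
# Added example, not from the thread. Every path, realm, host name, bind
# account and group name below is a placeholder (assumption).

# Offer Negotiate (Kerberos) first. A domain-joined browser answers with a
# service ticket obtained at Windows logon, so no password prompt appears.
# Needs a keytab for the HTTP/<proxy-fqdn> principal readable by Squid.
auth_param negotiate program /usr/lib/squid/squid_kerb_auth -s HTTP/proxy.example.local@EXAMPLE.LOCAL
auth_param negotiate children 10
auth_param negotiate keep_alive on

# NTLM as fallback for clients that cannot do Kerberos. Uses Samba's
# ntlm_auth helper, which needs the proxy host joined to the domain (winbind).
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param ntlm keep_alive on

# No "auth_param basic" line: Basic is the scheme that makes the browser
# prompt, and it sends the AD password to the proxy in clear text.

# Group membership check keyed on the authenticated user name (%LOGIN).
# -K strips the @REALM suffix of Kerberos names, -S strips the DOMAIN\ prefix
# of NTLM names, so both forms match sAMAccountName in the filter.
# -W reads the bind password from a file instead of the command line.
external_acl_type ad_group ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group -R -K -S -b "dc=example,dc=local" -D "squid-bind@example.local" -W /etc/squid/ldap.secret -f "(&(objectclass=person)(sAMAccountName=%v)(memberOf=cn=%a,ou=Groups,dc=example,dc=local))" -h dc1.example.local

# Referencing the external ACL triggers authentication, then the group lookup.
acl inet_users external ad_group InternetAccess
http_access allow inet_users
http_access deny all
```

The browser must reach the proxy by the same fully qualified name used in the HTTP service principal, otherwise it cannot request a matching ticket and falls back to NTLM.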