On 24/08/2012 12:38 a.m., Stefan Bauer wrote:
Dear Developers & Users, I'm using squid with negotiate (ntlm+kerberos). I recently discovered that a computer which is a member of the corporate domain is able to successfully authenticate against squid and use the proxy even though the local user is not yet logged on. We want to deny this and only allow the domain user to use the proxy after logon. How can we best achieve this?
You need to prevent the DC accepting machine accounts being authenticated from the proxy. Or use group privileges to assign only user accounts access through the proxy.
But why? The machine needs to do security system updates etc. regardless of who is logged in.
Amos
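
An added example, not part of the thread and not Squid project code: a Squid external ACL helper that answers `ERR` for machine accounts and `OK` for user accounts. In place of the directory group lookup suggested above it relies on the Active Directory convention that computer account names end in `$`; the helper path, the ACL name `user_only` and the sample logins are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Squid external ACL helper: OK for user accounts, ERR for machine accounts.

Assumed squid.conf wiring (path and ACL names are hypothetical):
    external_acl_type user_only %LOGIN /usr/local/bin/deny_machine.py
    acl domain_users external user_only
    http_access allow domain_users
    http_access deny all
"""
import sys
from urllib.parse import unquote

# Constructed sample %LOGIN values, as Squid would pass them (URL-escaped).
SAMPLES = [
    "WS01$@EXAMPLE.LOCAL",   # Kerberos, machine account
    "alice@EXAMPLE.LOCAL",   # Kerberos, user account
    "EXAMPLE%5CWS01%24",     # NTLM DOMAIN\WS01$, escaped
    "EXAMPLE%5Cbob",         # NTLM DOMAIN\bob, escaped
]


def account_name(login: str) -> str:
    """Return the bare account name from a %LOGIN value."""
    name = unquote(login.strip())      # undo Squid's URL escaping
    name = name.split("@", 1)[0]       # Kerberos form: account@REALM
    return name.rsplit("\\", 1)[-1]    # NTLM form: DOMAIN\account


def decide(line: str) -> str:
    """Map one helper request line to a Squid helper reply."""
    fields = line.split()
    if not fields:
        return "ERR"                   # no login supplied: fail closed
    name = account_name(fields[0])
    if not name or name.endswith("$"):
        return "ERR"                   # empty or computer account
    return "OK"


def main() -> None:
    for line in sys.stdin:
        sys.stdout.write(decide(line) + "\n")
        sys.stdout.flush()             # Squid waits for each reply line


if __name__ == "__main__":
    main()
```

As the reply points out, denying machine accounts also blocks anything the computer fetches through the proxy under its own identity, such as system updates, so a separate allow rule for those destinations may be needed.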