On 22/02/2013 12:58 p.m., Francesco wrote:
Hello Amos,
happy to hear from you!
1) in squid.conf, i have to specify windows user with the first capital
letter. Ex: user = User@DOMAIN.
If i specify user@DOMAIN i have no authentication to surf
Case sensitivity has nothing to do with Squid. The user details are part
of the encrypted data transferred directly between your client software
and your authentication system. When users login the authentication
system informs Squid what username just logged in - Squid uses that
label exactly as received.
But, if i write, in squid.conf in proxy_auth acl, user instead of User,
Squid do not grant access, with authentication deny.
Is there a way to accept "user" and "User" at the same way?
Not with proxy auth, it is a case sensitive string match.
The best thing to do is find out why the AD backend is suddenly
presenting uppercase on the usernames.
Yes. This is how authentication works in general. Client connects,
server requests credentials, client repeats with credentials and gets
whetever response is appropriate for that.
When working with 2008 and 2008 R2 domain controller, kerberos
authentication is better than ntlm, is it right?
Kerberos is better than NTLM, always. Kerberos is not supported by some
very old software though (think 1980's-1990's year of release - the
stuff you really should be upgrading anyway).
Amos
