Per my previous message, it seems that if I want to have Negotiate authentication for my Linux machines (which use Kerberos in my network), I have to support Negotiate for the Windows machines, even though they don't actually use Kerberos. It seems they want to use NTLMSSP when they are offered Negotiate from Squid without Kerberos tickets.

So, I don't want the Windows machines to join any AD domains here[1]. There are no AD domains or services for them to join one for. I simply want them to be able to use Squid, which seems to mean them using the Negotiate authentication method that Squid is offering them (as well as Basic, but I suppose Windows is ignoring that one because it is a weaker protocol), which appears to mean they use NTLMSSP.

So does anyone have a HOWTO they can point to on what I need to do to simply get Squid to be able to use ntlm_auth to authenticate the Windows users against PAM on the Squid machine?

I have seen http://wiki.squid-cache.org/ConfigExamples/Authenticate and in particular http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm but that seems to assume one has an existing AD domain and PDC that they can point Samba on the Squid machine to using:

    password server = myPDC

in the smb.conf. But as I said above, there is no AD domain here, therefore no PDC. I don't really have any desire to create one, just to authenticate Windows Squid users. I just want to be able to authenticate the Windows Negotiate/NTLMSSP against the local PAM passwd service on the Squid machine.

I'm using Squid

Cheers,
b.

[1] These Windows users are not really members of my network but "guests" being given access to our Squid. It's not really reasonable to ask them to reconfigure their machines to be domain clients for an AD domain here.