On Tue, 2013-12-24 at 13:42 +0000, Markus Moeller wrote: > Hi Brian, Hi Markus, > Based on my knowledge it is not possible to use negotiate ( Kerberos or > NTLM ) without AD/Samba. Yeah, I guess I mis-represented my limitations. I don't mind setting up a Samba PDC if that's necessary. Where the limitation comes in would be in requiring the Windows users to join a domain here, just to use Squid. I can't require (nor do I want to, TBH) the Windows users join a domain. Their laptops should remain in purely local-authentication mode entirely with any username/password required for Squid to come in the form of a browser (or other application) pop-up. Given the lack of ability to require joining a domin, I wonder how much of a complete AD configuration I need in Samba. I did restate this in a message I sent to the list in response to Amos' message but it does not seem to have been posted yet. I wonder if it's gotten lost on the way. So I guess the most pressing question becomes, can a Windows machine authenticate to Squid using NTLM[SSP] without joining a domain? Cheers, b.
Attachment:
signature.asc
Description: This is a digitally signed message part
