Hello Matej, Eugene, Hope our humble tutorial for Squid <-> Active Directory integration with Kerberos SSO, Basic(LDAP) auth is also useful - http://docs.diladele.com/administrator_guide_4_3/active_directory/index.html No NTLM though!!! Best regards, Rafael Akchurin Diladele B.V. -- Please take a look at Web Safety - our ICAP based web filter server for Squid proxy -----Original Message----- From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Eugene M. Zheganin Sent: Monday, November 16, 2015 4:49 PM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Fwd: NTLM LDAP authentication problem Hi, On 16.11.2015 19:51, Matej Kotras wrote: > Thank you for your response, as this is my first try with Squid, and > fairly newb in Linux. > I do not understand at all differences between basic/ntlm/gss-spnego > auths so I will do my homework and read about them. I've managed to > get this working after few weeks of "trial and error" method (I know, > I know, but I gotta start somewhere rite) following multiple guides. > The usual issue with all those copy/paste tutorials is that they tend to teach how to do everything at once, instead of moving from simple things to more difficult ones. This order of simplicity/difficulty is the following: - adding Basic authentication, all authenticated users are authorized to use proxy - adding NTLM authentication, all authenticated users are authorized to use proxy - adding group-based authorization, authenticated users are authorized to use proxy basing on the group membership, using simple helper like squid_group_ldap - adding GSS-SPNEGO authentication - adding full-fledged GSS-SPNEGO group authorization helper. You can try my article, http://squidquotas.hq.norma.perm.ru/squid-auth.shtml. Though it's not perfect and still lacks two last steps, at least it tries to follow that approach. Eugene. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
