> Small add-on here.
>
> NTLM V1 and V2..
> Most still use NTLMv1 but that's being disabled in Windows
> and Samba these days.
>
> To make sure you do use NTLMv2.
> With Samba 4.2.x and up, use the following setting on the
> Squid and/or Freeradius
> and on all the Samba AD-DC's and involved members that use ntlm_auth
>
> For example:
> Add to the [global] section of smb.conf
>
> ntlm auth = mschapv2-and-ntlmv2-only
>
> And add in the client commands : "/path/to/ntlm_auth --allow-mschapv2 "
>
> But, personally I would recommend to move to kerberos auth.
>
> Greetz,
>
> Louis
>
> > -----Original message-----
> > From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On behalf of Amos Jeffries
> > Sent: Tuesday 17 August 2021 9:40
> > To: squid-users@xxxxxxxxxxxxxxxxxxxxx
> > Subject: Re: Two questions about cache for squid authentication
> >
> > On 17/08/21 6:25 pm, ?????? wrote:
> > > Dear all,
> > >
> > > I have two questions about cache for squid authentication.
> > >
> > > 1. Can I skip authentication for a certain period of time after I've
> > > authenticated once?
> > >
> > > When I do the following, the authentication screen appears.
> > >
> > > Start browser -> access site after authentication (Kerberos
> > > authentication) -> close browser -> start another application (LDAP
> > > authentication)
> > >
> >
> > Negotiate/Kerberos authentication authenticates the TCP connection. All
> > messages on that connection require the Kerberos tokens to prove it is
> > valid on that connection.
> >
> > > So, even using Kerberos and LDAP auth at the same time, I want to skip
> > > the authentication process by client IP address, etc.
> > >
> >
> > This is authorization *not* authentication.
> >
> > > 2. About authentication data passing in NTLM authentication on website.
> > >
> >
> > NTLM, just like Negotiate/Kerberos authenticates the TCP connection and
> > requires all messages to have the appropriate tokens.
> >
> > > SingleSignOn is not working for some sites with NTLM authentication.
> > >
> >
> > That is a Browser issue. "single sign-on" is a behaviour of clients,
> > where they choose to send the same credentials to all services. It has
> > nothing to do with the service like Squid.
> >
> > > For example, when the authentication pop-up message appears, you can
> > > enter the auth information to access the page, but if you visit a
> > > different URL, you will be prompted to authenticate again.
> > >
> > > Can someone give me some advice?
> > >
> >
> > The client doing that is broken or confused.
> >
> > Maybe the confusion happened because of your mixed up squid config
> > rules. Or maybe not. You have not provided any information about your
> > squid.conf, network topology, or how the clients are using the proxy -
> > so we cannot tell.
> >
> > Amos
> > _______________________________________________
> > squid-users mailing list
> > squid-users@xxxxxxxxxxxxxxxxxxxxx
> > http://lists.squid-cache.org/listinfo/squid-users
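
One way to check which hosts still carry a permissive `ntlm auth` value in the `[global]` section of smb.conf, as an added example that is not part of the thread or of Samba's own tooling. The function names and the two sample files are constructed for illustration; the accepted values are the ones documented in smb.conf(5), and `include =` files are not followed.

```python
import re

# Values of "ntlm auth" as documented in smb.conf(5); "yes" and "no" are the
# documented aliases. Anything else is reported as "unknown".
NTLMV1_PERMITTED = {"ntlmv1-permitted", "yes"}
# "mschapv2-and-ntlmv2-only" still accepts NTLMv1 when the client declares it
# is doing MSCHAPv2, which is what "ntlm_auth --allow-mschapv2" is for.
NTLMV1_RESTRICTED = {"ntlmv2-only", "no", "mschapv2-and-ntlmv2-only", "disabled"}


def global_params(text):
    """Return {normalized name: value} for the [global] section of smb.conf text.

    Names are compared case-insensitively with whitespace ignored, so
    "NTLM Auth" and "ntlm auth" are the same parameter. Last value wins.
    """
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # a trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params


def audit_ntlm_auth(text):
    """Classify the [global] 'ntlm auth' setting of one smb.conf."""
    value = global_params(text).get("ntlmauth")
    if value is None:
        return "unset"                     # effective value depends on the Samba version
    if value.lower() in NTLMV1_PERMITTED:
        return "ntlmv1-permitted"
    if value.lower() in NTLMV1_RESTRICTED:
        return "ntlmv1-restricted"
    return "unknown"


# Constructed sample files, not taken from the thread.
WEAK = "[global]\n  workgroup = EXAMPLE\n  NTLM Auth = yes\n"
HARDENED = "[global]\n  ntlm auth = mschapv2-and-ntlmv2-only\n[share]\n  ntlm auth = yes\n"

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, "->", audit_ntlm_auth(conf))
```

A result of "unset" or "unknown" is a prompt to confirm the effective value on that host with `testparm`.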