Re: [squid-users] NTLM + LDAP auth - no pop-up password window

From: Tomasz Chmielewski <mangoo@dont-contact.us>
Date: Mon, 15 Mar 2004 21:05:58 +0100

Henrik Nordstrom wrote:
> On Fri, 12 Mar 2004 mangoo@interia.pl wrote:

>>So: is it possible, using Squid, LDAP server, and a browser that supports NTLM,
>>to authenticate user, so that no pop-up 'username + password' window shows up?
>
>
> No, but it is fully possible to use Squid + Active Directory + a browser
> that supports NTLM in such manner.

OK.
Here's my setup:

[Squid-192.168.1.1]---[Active Directory-192.168.1.2]

and a network of 192.168.1.* attached to it, with NTLM enabled browsers
attached to it.

Currently everyone is authenticated through squid_ldap_auth first, then
squid_ldap_group, so that everyone could match his/her own acl.
User+pass windows pops up.

In order to get rid of that pop-up windows:

1) Does that mean that I have to install Samba on Squid machine?

2) Does that mean, that I have to remove squid_ldap_auth from the config
file, as authentication would be done by Samba?

3) Does that mean, that squid_ldap_group can stay, as I need to match
each ldap-group with respective acl?

What I also think, this all ldap_auth, ldap_group, NTLM stuff is *very*
poorly documented, especially when one wants to make them work together.
This means, that instead of wasting a couple of days, one coul do it in
a few hours, if there was decent documentation describing it.

I could write it, with examples, screenshots etc. as soon as I have NTLM
working.
So far, I have ldap_auth and ldap_group.

What do you think?

-- T.
Received on Mon Mar 15 2004 - 13:05:25 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST