Re: [squid-users] SquidNT Authentication Question

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 22 Sep 2009 16:30:47 +1200

On Mon, 21 Sep 2009 15:56:42 +0200, "Jacques Kruger \(DHL NA\)"
<jacques.kruger_at_dhl.com> wrote:
> Hi,
>
> I am currently using SquidNT (Version 2.6.STABLE13) as a local proxy in

Side note;

The old project 'SquidNT' is no longer existing. The current official Squid
windows port is termed 'Squid for Windows' available only from Acme
Consulting Ltd (http://squid.acmeconsulting.it/) and possibly soon the main
squid-cache.org website. There are some copyright violators known using the
old experimental project name to advertise an altered and dubious version
of the Squid binary for profit.

Please check you have the official Squid for windows software and kindly
please assist us undermining the copyright violators by updating your
terminology about Squid to the new name. Thank you.

> each of our smaller offices. I authenticate against MS Active Directory
> using a Global Group. I have noticed that the authentication has a
> limitation in that the helper seems not to check Group membership
> recursively, i.e. it will only look at the first result and if that
> result is a group, it will not check membership of the lower group.
>
> I have learned to live with this but changes in our AD policy will
> require me to make my internet access group a member of a higher group
> and I should then authenticate to the higher group, that will no work (I
> hope I'm making sense).
>
> I have treid this with 3.0.STABLE13-BZR and it persists. Any way to work
> around this?

The new version of mswin_check_ad_group helper provided with 2.7.STABLE7
and later appears to have nested group support you are wanting. It should
be available from Acme soon if not already.

Amos
Received on Tue Sep 22 2009 - 04:30:58 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 22 2009 - 12:00:02 MDT