Re: [squid-users] Re: Re: SSO with Active Directory-Squid Clients

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Wed, 7 Apr 2010 20:17:20 +0100

Sorry I knew that but forgot to mention that I was talking about the Unix
version.

Thank you
Markus

"Guido Serassio" <guido.serassio_at_acmeconsulting.it> wrote in message
news:58FD293CE494AF419A59EF7E597FA4E64002FA_at_hermes.acmeconsulting.loc...
Hi Markus,

> If you have a Windows client and the proxy send WWW-Proxy-Authorize:
> Negotiate the Windows client will try first to get a Kerberos ticket
and
> if that succeeds sends a Negotiate response with a Kerberos token to
the
> proxy.
> If the Windows client fails to get a Kerberos ticket the client will
send
> a Negotiate response with a NTLM token to the proxy. Unfortunately
there > is yet no squid helper which can handle both a
Negotiate/Kerberos response
> and a Negotiate/NTLM response (although maybe the samba ntlm helper
can). > So there is a fallback when you use Negotiate, but it has some
caveats.

This is not true when Squid is running on Windows: the Windows native
Negotiate Helper can handle both Negotiate/Kerberos and Negotiate/NTLM
responses.

Regards

Guido Serassio
Acme Consulting S.r.l.
Microsoft Gold Certified Partner
VMware Professional Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio_at_acmeconsulting.it
WWW: http://www.acmeconsulting.it
Received on Wed Apr 07 2010 - 19:17:40 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 08 2010 - 12:00:03 MDT