Leonardo Rodrigues <leolistas_at_solutti.com.br> wrote on 2011-04-15 22:25:
> if your users have already logged in on your AD network, you can
> have squid configured to use those authentication credentials for
> logging and filtering web access *WITHOUT* asking again for
> username/password.
Which auth scheme should I use in this case? Is it negotiate? Must I
configure each browser to work with this scheme?
> squid has several authentication methods, not all of them do this
> 'transparent' authentication. The most basic squid authentication
> method, 'basic' one, doesn't do that. 'basic' authentication will ALWAYS
> give you an authentication popup. To achieve the transparent
> authentication, you'll have to use probably ntlm, digest or negotiate
> authentication methods. Using these authentication methods *AFTER*
> having your linux box joined to your AD network correctly, you can have the
That is still unclear to me. Do you mean I would need the right
order to join and then no extra question about "user/password" popup in
the browser?
> transparent authentication working. Users will open browser, no
> authentication window will pop up, and even then, username will be
> logged on squid logs and can be used for filtering purposes.
Which squid scheme is the right one for this behaviour?
> Google for 'squid ntlm_auth' or 'squid squid_kerb_auth' for plenty
> of documentation on how to configure and use these authentication
> methods. Google as well for documentation on joining your linux box onto
> your AD network, this will be needed for those authentication methods to
> work.
If I understand correctly, a simple authentication with user login data is only
supported with the cleartext password method of "identd", right?
Or use AD with kerberos (squid_kerb_auth) or an unspecified method with NT
(WinXP...Win7) (squid_ntlm_auth). But that is no solution in only-linux
networks!
Does your answer also apply to OpenLDAP? This could be a solution for the
linux world, right?
--- Have a nice day. Joachim (Germany)

Received on Sat Apr 16 2011 - 18:56:52 MDT
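
An added example, not part of the original message and not taken from the Squid project: a squid.conf fragment for the transparent setup described in the quoted text, offering Negotiate (Kerberos) first and NTLM second. The helper names are the ones mentioned in the thread; the helper paths, the service principal `HTTP/proxy.example.com@EXAMPLE.COM` and the ACL name `ad_users` are assumptions.

```conf
# Added example; paths, principal and ACL name are assumptions.
# Schemes are offered to the browser in the order they are configured here.

# Kerberos via the Negotiate scheme (squid_kerb_auth, as named in the thread)
auth_param negotiate program /usr/lib/squid/squid_kerb_auth -s HTTP/proxy.example.com@EXAMPLE.COM
auth_param negotiate children 10
auth_param negotiate keep_alive on

# NTLM via Samba's ntlm_auth; the proxy host must already be joined to the domain
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param ntlm keep_alive on

# No 'auth_param basic' lines: Basic would send the password
# base64-encoded (not encrypted) with every request.

# Require an authenticated user; the username then appears in access.log
# and can be matched by further proxy_auth ACLs for filtering.
acl ad_users proxy_auth REQUIRED
http_access allow ad_users
http_access deny all
```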