Hi,
For (windows) machines in the Domain, NTLM can be used, as can LDAP to
authenticate my users.
Next would be NTLM will fall back to LDAP, to allow Linux users, and WIndows
machines not in the domain access:
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10 startup=1 idle=5
auth_param basic program /usr/local/squid/libexec/basic_ldap_auth -d -R -b
"dc=mydomain,dc=net" -D account2_at_mydomain.net -W /etc/squid/ldappass.txt -f
sAMAccountName=%s -h ldap.mydomain.net
auth_param basic realm Proxy LDAP - Enter credentials
If machines are not in the domain, LDAP on its own will work, but not the
fallback from NTLM to LDAP
In the logs, there are entries like the following, that would seem to
indicate that its not falling over to ldap correctly:
Proxy-Authenticate: Basic realm="Proxy LDAP - Enter credentials"
Proxy-Authorization: NTLM DUMMYSTUFFAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
Proxy-Authenticate: NTLM
DUMMYSTUFFIABAAOAHYAcAB0AHQALgBjAGgAAwAoAHMAaQBzAHQAZwBkAGIAbwBzAGUAMQAyAC4AdgBwAHQAdAAuAGMAaAAAAAAA
I've been trying with several different browsers, and they behave each a
little differently.
Should it be possible to do ntlm and then fall back to ldap, is there
a configuration option I've missed perhaps?
Thanks,
Sean
Received on Tue Oct 02 2012 - 09:55:42 MDT
This archive was generated by hypermail 2.2.0 : Tue Oct 02 2012 - 12:00:02 MDT