Re: [squid-users] Squid 3.1.8 and Kerberos authentication

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 22 Feb 2013 13:26:06 +1300

On 22/02/2013 12:58 p.m., Francesco wrote:
> Hello Amos,
>
> happy to hear from you!
>
>>> 1) in squid.conf, I have to specify Windows user with the first capital
>>> letter. Ex: user = User@DOMAIN.
>>> If I specify user@DOMAIN I have no authentication to surf
>> Case sensitivity has nothing to do with Squid. The user details are part
>> of the encrypted data transferred directly between your client software
>> and your authentication system. When users login the authentication
>> system informs Squid what username just logged in - Squid uses that
>> label exactly as received.
> But, if I write, in squid.conf in proxy_auth acl, user instead of User,
> Squid does not grant access, with authentication deny.
> Is there a way to accept "user" and "User" in the same way?

Not with proxy auth, it is a case sensitive string match.

The best thing to do is find out why the AD backend is suddenly
presenting uppercase on the usernames.

>
>> Yes. This is how authentication works in general. Client connects,
>> server requests credentials, client repeats with credentials and gets
>> whatever response is appropriate for that.
> When working with 2008 and 2008 R2 domain controller, Kerberos
> authentication is better than NTLM, is it right?

Kerberos is better than NTLM, always. Kerberos is not supported by some
very old software though (think 1980's-1990's year of release - the
stuff you really should be upgrading anyway).

Amos
Received on Fri Feb 22 2013 - 00:26:13 MST
