On Mon, 5 Sep 2005, Martin Daemen wrote:
> I had hope, if I use for example fakeauth, squid could take the well
> known username and pass these information on simply way to ldap_group or
> something like this. But I found no working setup. Or exist no other
> possibility to authenticate user without login prompt than via NTLM ?
NTLM is the only method whereby the browser automatically logs in to the
proxy using the same login details as used for logging in to the Windows
workstation.
fakeauth is a NTLM verifier, accepting any login as valid.
The other authentication schemes only provides automatic login via the
"Save this login" function in your browser login box.
> And if this like that, is there any change for squid not to get member
> of the domain?
The SMB ntlm helper (Squid ntlm_auth) allows you to query any Windows file
server who is member of the domain to verify the login. But it requires
the proxy to be allowed to reach the SMB port on some Windows server in
the domain.
> My 2nd large problem is the sequence of the acces lists. Is it possible
> to configure the acces lists in such a way, that if the user tested
> without login prompt, is not member of the first group, the login prompt
> appears and the username insert by the user is tested against the 2nd AD
> group?
Not easily, as the user automatically gets logged in in the first place.
This is possible only if the actual user is not member of any of the
groups, forcing him to log in as some other user (in his browser) to
access the web.
Regards
Henrik
Received on Sun Sep 25 2005 - 03:26:18 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Oct 01 2005 - 12:00:04 MDT