Squid and Active Directory
 

Hi,

Questions:
Has anyone tried Active Directory authentication for Squid?
Is NTLM auth still supported in a Native mode WIN2k domain?
If not what is the new way of IE doing auth without asking user?

Status so far:
Win2K domain is in Native mode. (out of my control)
Squid is working fine with smb_auth with Samba2.5 and Samba3.0beta.
Works well for authorising Windows groups by changing permissions on a file on the ADS servers.

Problems:
Passwords sent in plain text with smb_auth is making me very nervous.
Annoying problem of Auth Request popping up for every instance of IE.
Uncertain of whether Windows still uses/supports NTLM to achieve user-less authentication of I.E. to proxy.

:scratch:
Hmm I think that about sums my situation up.

Hi

I'm tyring Active Directory authentication with squid_ldap_auth but have no luck yet.

I have the module talking to the AD but it refuses to authenticate the users saying: invalid credentials.

It seems that i need to "bind" to the server because it does not allow anonymous queries for such thing like authentication.

When i tried that (with administrator login/password), i used ldapsearch tool to check the binding but again i got rejected with the same message: invalid credentials.

Then i started to think that it might be other thing: the authentication method. I don't manage the details behind AD but it looks like it needs Kerberos authentication (i was using simple authenticatio with clear passwords in the net).

I don't know if that helps u but i must pool this off asap. I do understand squid enough but no the ldap protocol neither AD. Do u know if Kerberos is really needed? My other problem is the "ldap filter part"... any clues on how should build this ldap filter?

Regards

Guillermo

I'm pretty sure kerberous is needed. I got a step further than you by getting kerberous working, but then I seem to remember having no idea what to do next :P