Squid and Active Directory
Hi,
Questions: Has anyone tried Active Directory authentication for Squid? Is NTLM auth still supported in a Native mode WIN2k domain? If not what is the new way of IE doing auth without asking user? Status so far: Win2K domain is in Native mode. (out of my control) Squid is working fine with smb_auth with Samba2.5 and Samba3.0beta. Works well for authorising Windows groups by changing permissions on a file on the ADS servers. Problems: Passwords sent in plain text with smb_auth is making me very nervous. Annoying problem of Auth Request popping up for every instance of IE. Uncertain of whether Windows still uses/supports NTLM to achieve user-less authentication of I.E. to proxy. :scratch: Hmm I think that about sums my situation up. |
Hi
I'm tyring Active Directory authentication with squid_ldap_auth but have no luck yet. I have the module talking to the AD but it refuses to authenticate the users saying: invalid credentials. It seems that i need to "bind" to the server because it does not allow anonymous queries for such thing like authentication. When i tried that (with administrator login/password), i used ldapsearch tool to check the binding but again i got rejected with the same message: invalid credentials. Then i started to think that it might be other thing: the authentication method. I don't manage the details behind AD but it looks like it needs Kerberos authentication (i was using simple authenticatio with clear passwords in the net). I don't know if that helps u but i must pool this off asap. I do understand squid enough but no the ldap protocol neither AD. Do u know if Kerberos is really needed? My other problem is the "ldap filter part"... any clues on how should build this ldap filter? Regards Guillermo |
I'm pretty sure kerberous is needed. I got a step further than you by getting kerberous working, but then I seem to remember having no idea what to do next :P
|
All times are GMT -5. The time now is 08:55 PM. |