First a but of foreword: fscked Outlook, and curses on you for posting
in HTML. It's a capital offense.
Now on with you questions (but I won't go easy on you if you
persist in your error).
>I have been reading up on the NTLM authentication FAQ.
>I saw that currently the development only supports one domain controller.
Correct.
>I am in an environment where we have one SQUID proxy serving 2
>locations with a total of 3 domains. There are only a HANDFULL
>of users in 2 of the domains, with 90%+ in the 3rd domain.
>If I configure Squid to use NTLM for authentication and specify
>the domain controller for the domain with the largest user pool,
>what happens with the people in the other 2 domains?
Depends on what version of Squid you're using, and what authenticator
you're using, and on the trust relationships between the domains.
If you're using the multi-domain-NTLM authentication module, you'll
be able to do what you're asking as long as the DC you're talking to
is in a domain trustING the domain the users belong to.
>With they be blocked?
>I understand this will be based on the order my ACL's are in,
>but I'm asking because I have to accomplish a certain number of things....
>1) Use a proxy to cache and monitor internet access
>2) Block inappropriate internet access using ACL's
>Currently, these are working nicely...
>3) authenticate using NTLM (seemless to user) and record
>the domain\userid to access.log
>#3 is pretty important. If I implement it with domain3's domain
>controller and in the process block domain1 and domain2 users, this
>implementation will be useless.
No problem there. Be aware that since the squid-client auth-protocol
is the basic protocol, users will get the popup window.
If you don't want that, try the NTLM devel-branch out. Alpha-testers
wanted.
-- /kinkie -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Thu Sep 21 2000 - 09:01:06 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:26 MST