RE: [SQU] NTLM Error

From: Robert Collins <robert.collins@dont-contact.us>
Date: Thu, 22 Feb 2001 09:52:37 +1100

> -----Original Message-----
> From: Craig Fels [mailto:csfels@swbell.net]
> Sent: Thursday, February 22, 2001 6:37 AM
> To: Wood, Jeremy; squid-users@ircache.net
> Subject: Re: [SQU] NTLM Error
>
>
<snip>
>
> As far as I know, Squid with NTLM support can NOT validate based on NT
> groups (local or global). The only way, and I've mentioned
> this before, is

Yes. Squid with or without NTLM has no external group capabilities. Its
_helpers_ can use groups to perform authentication, but this doesn't
give you fine grained Access control. To achieve this use proxy_auth
acl's to build groups.

> to use NT resource kit utilities like Local and Global on the
> particular
> group (domain\proxyusers) and redirect the output to a text
> file. Have this
> text file picked up by your proxy machine and have a
> proxy_auth acl look at
> this file for its members. Then create the http_access allow
> statement for
> that acl.
>
> Should be pretty easy to implement, but a pain to support if
> you ever leave!
> ;-)
>
> Have fun....
>
> Craig
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Wed Feb 21 2001 - 16:02:01 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:07 MST