RE: [squid-users] msie ntlm auth -- client not in same domain

From: Robert Collins <robertc@dont-contact.us>
Date: 28 Jan 2003 07:56:04 +1100

On Tue, 2003-01-28 at 07:44, Geoff Nordli wrote:
> I am thinking of a stand-alone machine which doesn't belong to any
> domain.

It won't work today:
The response packet sent by the client to squid is handed off to a
domain controller for authentication. Therefore the DC must be able to
authenticate the requested user domain, or hand it off elsewhere. The
established means to do that is via trust relationships. (All MS based
authentication has this issue).

It would be possible to hack samba to support authenticating to
arbitraty domains with some form of mapping, but I can't advise as to
their acceptance of that :}.

Rob

-- 
GPG key available at: <http://users.bigpond.net.au/robertc/keys.txt>.

Received on Mon Jan 27 2003 - 13:56:19 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:53 MST