Re: [squid-users] squid proxy for W2K active directoty users

From: Guido Serassio <serassio@dont-contact.us>
Date: Fri, 07 Feb 2003 21:43:42 +0100

Hi,

At 00.09 07/02/2003 jschmidt@buhler.com wrote:
>Henrik Nordstrom <hno@squid-cache.org>
>Sent by: hno@marasystems.com
>02/05/2003 01:11 AM
>
>
> To: Jack <sa_jill@yahoo.co.uk>
> cc: Squid Users <squid-users@squid-cache.org>
> Subject: Re: [squid-users] squid proxy for W2K active
> directoty users
>
>
>Jack wrote:
>
> >> Is it possible to use W2K native mode active directory for
> >> authenticating proxy users?
>
> >Yes.
>
> >You can use either LDAP (always works) or winbind (requires that support
> >for NTLM is enabled in your AD, is by default)
>
> >Regards
> >Henrik
>
>Henrik, I am reading this from the Windows 2000 server MCSE training Kit
>book:
>(same info can be found here:
>http://www.mrhahn.com/Docs/w2kserver/Ch06.htm)
>
>Mixed mode
>1. When you first install or upgrade a domain controller to Windows 2000
>Server, the domain controller runs in mixed mode.
>2. Mixed mode allows the domain controller to interact with any domain
>controllers in the domain that are running Microsoft Windows NT 3.51 or
>4.0.
>3. Any clients using NT LAN Manager (NTLM) and the directory service in
>Windows NT 3.51 and 4.0 need mixed mode to authenticate to the network.
>
>Point Number 3 is making me wonder again. I thought that I had users
>authenticating against my win2k native mode domain, but then I realized
>that the only reason they were able to authenticate seems to be because
>of a trust set up with a Windows NT4 server and my win2k domain. This book
>makes a point of saying that NTLM authentication is only possible if your
>win2k server is running in mixed mode, and mine are all running native
>mode. There is a conflict of info here, and I wonder if you or anybody
>else has more info, or possibly a link to Microsoft that could expand on
>this. I can't bring this into production until I know exactly what's going
>on.
>
>(PS. I think you and others are doing a great job answering questions on
>this list)

Sorry, but your book has something wrong.

NTLM support (aka Windows 9x and NT 4 client support) is not related to AD
Native or Mixed mode, but to NTLM support being enabled or disabled (referred
to during DCPROMO as Pre-Windows 2000 compatibility).

Regards

Guido

>-jamie-

-
=======================================================
Serassio Guido
Via Albenga, 11/4 10134 - Torino - ITALY
E-mail: guido.serassio@serassio.it
WWW: http://www.serassio.it
Received on Fri Feb 07 2003 - 13:45:01 MST
