Re: [squid-users] NTLM + LDAP auth - no pop-up password window

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 16 Mar 2004 00:31:14 +0100 (CET)

On Mon, 15 Mar 2004, Tomasz Chmielewski wrote:

> Currently everyone is authenticated through squid_ldap_auth first, then
> squid_ldap_group, so that everyone could match his/her own acl.
> User+pass windows pops up.
>
> In order to get rid of that pop-up windows:
>
> 1) Does that mean that I have to install Samba on Squid machine?

That is highly recommended yes. The Samba approach is by far the most
stable NTLM integration path.

> 2) Does that mean, that I have to remove squid_ldap_auth from the config
> file, as authentication would be done by Samba?

squid_ldap_auth will then be replaced by the Samba helper for Basic http
authentication.

In addition you will have the Samba helper for NTLM http authentication.

Details described in the Squid FAQ and other places around the net.

> 3) Does that mean, that squid_ldap_group can stay, as I need to match
> each ldap-group with respective acl?

You can use either squid_ldap_group or the Samba group helper in this
case.

> What I also think, this all ldap_auth, ldap_group, NTLM stuff is *very*
> poorly documented, especially when one wants to make them work together.
> This means, that instead of wasting a couple of days, one coul do it in
> a few hours, if there was decent documentation describing it.

You are welcome to write some good documentation. Presonally I am not good
at writing documentation.

Regards
Henrik
Received on Mon Mar 15 2004 - 16:31:17 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST