On Mon, 26 Jul 2004, Huang, David wrote:
> 1) user has to enter username (UPN) and password I tried to use
> sAMAccountName, instead of userPrincipalName, it works fine in the
> command line for squid_ldap_auth, but NOT for using it in the
> configuration file. I dont know why!
If it works from the command line then it must work from squid.conf as
well. Make sure you use the exact same line in both.
> It is possible for the use do not need to enter the username and
> password, I mean it take the user name from system (IE?)
Not automatically in "Basic" authentication. The closest you have here is
the ability to have MSIE (and most other browsers) save the entered
password.
If you want fully transparent authentication then look into NTLM
authentication via Samba-3. This is the "Microsoft Integrated Login"
mechanism also supported by MS ISA and IIS.
> 2) users with Chinese CN does not work.
>
> For users with Chinese CN and displayName in the windows 2000 AD,
> squid_ldap_auth will not work even in the comman line. It is a bug or
> I need more configuration.
Probably LDAP and your browser does not agree on what encoding to use for
the user name. If I am not mistaken LDAP uses UTF-8.
Please use "log_mime_hdrs" to inspect what your browser is sending. What
you are looking for is the "Proxy-Autorization" header which carries the
login and password in base64 encoding.
Regards
Henrik
Received on Mon Jul 26 2004 - 00:49:24 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:02 MDT