RE: [squid-users] NT authentication without joining the domain

Awsome! Great info, thank you! Incidentally, I set it up with LDAP
authentication just to see what would happen. It seems to recognize
group membership under that scheme, but it always prompts me for a
password (with msnt_auth it doesn't do that BTW. It just lets me
directly into the website.), and it shouldn't be doing that. Any ideas
on how to stop that?

Thanks again!

> -----Original Message-----
> From: Serassio Guido [mailto:guido.serassio@acmeconsulting.it]
> Sent: Tuesday, May 10, 2005 7:07 AM
> To: Discussion Lists; squid-users@squid-cache.org
> Subject: Re: [squid-users] NT authentication without joining
> the domain
>
>
> Hi,
>
> At 15.50 10/05/2005, Discussion Lists wrote:
>
> >Hi All,
> >I am running into a curious problem that I was hoping you
> all would be
> >able to help me with. I am troubleshooting a problem with a squid
> >config where squid authenticates proxy users against active
> directory
> >using NT authentication (re: NOT LDAP) and that machine
> isn't joined to
> >the domain at all. It doesn't work now, but they insist it did work.
>
> This is correct, but with many limitations:
> - The AD domain must have "Pre-Windows 2000 Compatible Access" enabled
> - The AD domain policies must don't activate any security
> policy regarding
> traffic signing
> - You must use SMB NTLM authenticator or MSNT basic authenticator
> - You cannot check group membership
> - NTLMv2 cannot be supported
>
> >Does anyone have docs on how to get squid to auth users
> without being
> >joined to the domain first?
>
> See any docs about SMB and MSNT.
>
> Regards
>
> Guido
>
>
>
> -
> ========================================================
> Guido Serassio
> Acme Consulting S.r.l. - Microsoft Certified Partner
> Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
> Tel. : +39.011.9530135 Fax. : +39.011.9781115
> Email: guido.serassio@acmeconsulting.it
> WWW: http://www.acmeconsulting.it/
>
>
Received on Tue May 10 2005 - 08:39:16 MDT