[squid-users] Integrated Authentication

I'm still trying to force my users to be logged with their workstation
into the Active Directory, if they want to use the Internet proxy, with
a user/password/domain popup authentication window request disable from
the proxy.

As long as I understand, I have the following "truths":

    - A proxy can authenticate an Active Directory user by using
Integrated Windows Authentication, so no user/password/domain is
requested and windows logon credentials are used, and to do that it can
use as authentication protocols NTLM or Kerberos. These protocols are
used between the browser and the proxy.

    - MS ISA 2004 support both (/NTLM and Kerberos) authentication
protocols

    - Squid support only NTLM authentication protocol

    - IE 6 support Kerberos authentication protocol, but it doesn't work
if you are using a workstation with Win9x/Me/NT Operating System.

So, because Squid only suppport NTLM authentication protocol, I can't
disable from the proxy the popup authentication to the AD, neither
disable it if I have in the net workstations with Win9x/Me/NT Operating
System.

    I'm right? Thanks!

attached mail follows:

Hi, I'm running samba3 and using the integrated NTLM authentication so
our users get authenticated to the AD Domain when they use their IE,
without being asked for a username / password. If they aren't logged
into the AD domain, a popup it´s open on their browsers asking for its
username / password. So, what I need, it's disable this last option to
run, forcing to all users to are logged into the AD if they want to use
Internet.

I'm using the ntlm_auth authentication helper, what and how I can do it?

Thanks!
Received on Tue May 10 2005 - 09:51:44 MDT