RE: [squid-users] Squid + ntlm authentication with not trusted domains

From: flandercan <lfdl06766@dont-contact.us>
Date: Wed, 30 Nov 2005 23:10:02 -0000

 
Hi,

After spending some time looking at the ntlm auth from squid, because it
didn’t do exactly what I wanted, I wrote a perl program. This way I could make
it check the AD using ntlm_auth to see if a user existed and was a member of
a group, then check to see if the user was in a specific database. This way
my normal users could exist in the AD and my temporary short term users (some
students) could exist in a postgres database. Then rather than point
squid.conf to the ntlm_auth I point it to my perl app. It works well and
means I can do other fancy things with authentication in the future.

Hope that helps get you where you're going

Paul

------------------------------------------------------------------------------------
flandercan.co.uk
Paul Flanders
paul@flandercan.co.uk
http://www.flandercan.co.uk
------------------------------------------------------------------------------------

-----Original Message-----
From: Mark Elsen [mailto:mark.elsen@gmail.com]
Sent: 30 November 2005 18:21
To: Andre Fernando Goldacker
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid + ntlm authentication with not trusted domains

> Hi,
>
> My squid is running with ntlm authentication against MS AD 2k. Is there a
> way to configure squid using ntlm to authenticate users that aren't members
> of my current domain and neither members of a trusted domain? I have a mixed
> MS AD/NT4 environment with some NT4 domains on a WAN. Also, sometimes I have
> users that come with notebooks and I don't want them to join my domain or
> change their workgroup, but they need to go through the proxy. My goal is to
> get rid of MS Proxy 2.0 which I'm currently using and does this job, and
> squid always asks for username and password for that kind of users which
> have to inform my domain\username and pass to go through, I want to know if
> squid can also like MS Proxy "forget" the domain part and authenticate them
> as if they were part of the domain.
> Any help will be very much appreciated,
>

 Put them in a reserved ip address range; and let these addresses use the
proxy without authentication.

 M.

Received on Wed Nov 30 2005 - 16:10:07 MST

This archive was generated by hypermail pre-2.1.9 : Thu Dec 01 2005 - 12:00:10 MST
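
The chained check described in the reply above (AD account with group membership first, then a separate store of short-term users), sketched as a Squid authentication helper. This is an added example, not the Perl program from the message. Assumptions: it speaks Squid's basic helper protocol (one URL-encoded `user password` line in, `OK` or `ERR` out) rather than the NTLM challenge/response, the group name `EXAMPLE\ProxyUsers` is hypothetical, and an in-memory table with constructed data stands in for the postgres database.

```python
import hashlib, hmac, os, subprocess, sys, time
from urllib.parse import unquote

AD_GROUP = "EXAMPLE\\ProxyUsers"  # assumption: group that AD users must belong to

def check_ad(raw_user, raw_pass, group=AD_GROUP):
    """AD check via Samba's ntlm_auth. The still-encoded fields are passed through:
    decoding first would let %0a in a password inject a second request line."""
    try:
        res = subprocess.run(
            ["ntlm_auth", "--helper-protocol=squid-2.5-basic",
             "--require-membership-of=" + group],
            input=f"{raw_user} {raw_pass}\n", capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.SubprocessError):
        return False  # fail closed if the helper is missing or hangs
    return res.stdout.startswith("OK")

def make_record(password, expires):
    """Build a temporary-user row: salted PBKDF2 hash plus an expiry (epoch seconds)."""
    salt = os.urandom(16)
    return {"salt": salt, "expires": expires,
            "hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)}

def check_temp(user, password, table, now):
    rec = table.get(user.lower())
    if rec is None or now >= rec["expires"]:
        return False  # unknown or expired short-term account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], 100_000)
    return hmac.compare_digest(digest, rec["hash"])  # constant-time comparison

def handle_line(line, table, ad_check=check_ad, now=None):
    """One helper request ('user password', URL-encoded) -> 'OK' or 'ERR'."""
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) != 2 or not all(parts):
        return "ERR"  # malformed request is rejected, never guessed at
    if ad_check(parts[0], parts[1]):
        return "OK"
    now = time.time() if now is None else now
    ok = check_temp(unquote(parts[0]), unquote(parts[1]), table, now)
    return "OK" if ok else "ERR"

# Constructed sample data standing in for the postgres table of short-term users.
TEMP_USERS = {"student1": make_record("s3cret pass", expires=1_900_000_000)}

if __name__ == "__main__":
    for request in sys.stdin:
        print(handle_line(request, TEMP_USERS), flush=True)
```

The expiry column is what keeps short-term accounts from outliving their purpose; Squid would reach such a helper through an `auth_param basic program` line pointing at the script.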