One advantage of simple ldap authentication is that you do not need
samba, winbind, etc, hassles. All you do is add a couple of lines to
your squid.conf to use the ldap_auth helper to authenticate, and the
squid_ldap_group helper if you want to test whether Active Directory
user x is in Active Directory group y.
A really nice guide is here:
http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory
I like ldap_auth for it's simplicity. I can have users access the proxy
from Windows, Mac, Linux machines with no extra configuration. I simply
create a user account for them in Active Directory for when their
browser prompts them.
D.R.
----- Original Message -----
From: "Logu" <logsnaath@gmx.net>
To: <squid-users@squid-cache.org>
Sent: Saturday, March 18, 2006 5:21 AM
Subject: [squid-users] Squid Active directory, Samba and Kerberos
> Hi,
>
> I want to authenticate squid proxy users against Active Directory
> (win2k). Should I go for ntlm authentication or basic squid ldap
> authentication. what are the advantages and disadvantages of both. I
> have read the documents for ntlm authentication and came to know that
> it requires samba, winbind and kerberos. Why do we need these packages
> to communicate to the Active Directory. I have earlier configured
> pam_ntlm authentication for telnet and other applications for which
> just a samba server which will act as PDC or a workgroup. But why in
> this case it requires samba ( and Kerberos) even though there is a
> domain controller (win2k with AD).
>
> Thanks
> -logu
>
Received on Fri Mar 17 2006 - 13:31:21 MST
This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:04 MST