[squid-users] R: [squid-users] Question about squid authenticators from Reale Marco on 2006-12-21 (squid-users)

From: Reale Marco <Marco.Reale@dont-contact.us>
Date: Thu, 21 Dec 2006 09:42:37 +0100

Hi Henrik

Thanks a lot for your good explanation

1) LDAP
Now it is more clear to me. For example I hadn't understood that using LDAP authentication only basic (plain text) authentication is possible and that for NTLM I need to join to the domain.

2) FIREFOX
I didn't know that firefox already support wpad; I tried today (with dns) and it works!
The only thing you said and that I havent' understood is:
"I am told it does. But have no AD environment.."
What does it mean?

-----Messaggio originale-----
Da: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Inviato: giovedì 21 dicembre 2006 0.30
A: Reale Marco
Cc: squid-users@squid-cache.org
Oggetto: Re: [squid-users] Question about squid authenticators

ons 2006-12-20 klockan 15:18 +0100 skrev Reale Marco:

> I'd like to test the same "topology" using a linux machine and reading
> squid doc I have understood that this is possible using a version of
> Samba > 3.02 (that support ntlmv2) and "ntlm_auth"
> This sounds good and support ntlmv2 BUT require the join to the domain

Yes, and so does Windows..

> Now I have 3 questions:
> 1)Ldap auth
> I have some devices like "fortigate800", "hp printers" etc...that
> support ldap authentication and obviously this devices are not joined
> to the domain but they simply query mine domain controller;

Yes. And so can Squid if you prefer. See the squid_ldap_auth basic auth helper.

> Does it work correctly? What are cons? Is it what I need or are there
> better solutions?

Setting up LDAP authentication is a bit harder for the novice admin as a lot of how MSAD exposes itself in the LDAP interface isn't very obvious using the default MS admin tools.

Also only basic (plain text) authentication is possible via LDAP. For NTLM authentication you need to be joined to the domain somewhere..

> 2) Firefox and ntlm support
> Does Firefox support ntlmv2 both in windows and linux?

I am told it does. But have no AD environment..

> 3) Firefox and wpad
> I saw that firefox doesn't support wpad (that is wonderful in my
> opinion); how is possibile? Why firefox developers doesn't add wpad
> support both on windows and linux?

Firefox supports WPAD using DNS.

It does not support the DHCP WPAD option as access to DHCP options is generally not available to Firefox when running under Linux.

Regards
Henrik
Received on Thu Dec 21 2006 - 01:42:44 MST

This archive was generated by hypermail pre-2.1.9 : Mon Jan 01 2007 - 12:00:01 MST