Re: [squid-users] LDAP Passthrough Authentication from Justin Doles on 2007-06-07 (squid-users)

From: Justin Doles <Justin.Doles@dont-contact.us>
Date: Thu, 07 Jun 2007 08:46:58 -0400

>>> Henrik Nordstrom <henrik@henriknordstrom.net> 06/06/2007 6:00 PM >>>
ons 2007-06-06 klockan 11:36 -0400 skrev Justin Doles:

> What I'm asking is that instead of the prompt that pops up for a user
> to enter their user name & password I would like to pass the
> credentials from OS.

> For that you need to use the NTLM or Negotiate authentication schemes.

> My initial thought is that there's likely not a solution at hand to do
> this. I know with Microsoft's ISA server you can pass credentials,
> but that's do to the fact that it uses IIS in the background.

> Squid has this same capability.

> Best way to configure it is by using Samba to talk to the Windows domain
controllers.

> http://wiki.squid-cache.org/SquidFaq/ProxyAuthentication#head-1d6e24e071a1a5e65f112d9a96cdf1320684a8f2

Thanks for the pointers. I should have explained a bit more about what I'm attempting though. All of our users are stored in Novell's eDirectory. I can use LDAP to authenticate to that db. I've gotten that to work with Squid. I'm just trying to find a way to avoid the popup prompt for authentication. As far as I know, there isn't a way to do that with Squid. Correct? I could be wrong on that since I'm still new to this.

So if I can't pass the credentials like I can with NTLM, my other thought was to have them redirected to a login web page and then pass those credentials onto Squid. This way would be nice in that I could post the policies on that page as a reminder to the users. This sounds doable to me. But as I said above, I'm still new to Squid.

Again thanks for the tips. This is by far one of the most active and helpful mailing lists I subscribe to. :)

Thanks,

Justin Doles
**********************************************************************************************
IMPORTANT: The contents of this email and any attachments are confidential. They are intended for the
named recipient(s) only.
If you have received this email in error, please notify the system manager or the sender immediately and do
not disclose the contents to anyone or make copies thereof.
*** eSafe scanned this email for viruses, vandals, and malicious content. ***
**********************************************************************************************
Received on Thu Jun 07 2007 - 06:47:23 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT