[squid-users] Transparent LDAP authentication

From: Philip Kloppers <philip@dont-contact.us>
Date: Thu, 27 Mar 2008 20:20:49 +0200

I have an OpenSuse 10.2 box that runs Samba / OpenLDAP as a PDC, as well as
Squid with delay pools to limit bandwidth dependant upon user, group, time
of day and machine. I have managed to get everything working and
authenticating correctly using smb_ldap_auth and smb_ldap_group. However, I
would like to get the clients to authenticate transparently using the domain
credentials from the initial domain logon, and not having to re-authenticate
every time they open the browser.

The clients (mostly XP with a few FreeNX terminals on various Linux
flavours) are all set up to use the proxy, and then iptables rules blocking
users from bypassing the proxy, so I am not transparently intercepting web
traffic, as I understand that authentication cannot be used with a
transparent proxy.

Is single sign-on a possibility without using an M$ PDC? All the searching
seems to point to using ntlm_auth for this sort of thing.

Philip

PS: I have tried using ntlm_auth to authenticate against the Samba server...
the users are able to authenticate correctly, but still need to re-enter
their credentials every time they open their browsers.
Received on Thu Mar 27 2008 - 12:21:10 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:05 MDT