Re: AW: [squid-users] NTLM authentication, but not for everyone

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 18 Jul 2008 00:50:46 +1200

Markus.Rietzler_at_rzf.fin-nrw.de wrote:
>> Rich West wrote:
>>> I added NTLM authentication (via winbind back to AD), and that works
>>> great. I can see the user names populated in the output. However, I
>>> cannot seem to get it to allow traffic through for those users that the
>>> NTLM authentication fails on.
>>>
>>> In other words, I have:
>>> ---squid.conf snippet---
>>> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
>>> auth_param ntlm children 5
>>>
>>> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
>>> auth_param basic children 5
>>> auth_param basic realm Web Proxy Server
>>> auth_param basic credentialsttl 24 hours
>>> ...
>> The simplest way around this is to set up basic authentication as a
>> backup to NTLM (configured after NTLM auth config). And give those
>> people a special type of user/pass for internet access.
>>
>
> But this means that there must be a special user in the AD domain to
> work, so everyone can use that "surfer" account.

Not what I meant to say. What I did mean, you describe in the next
paragraph ...

>
> You use auth ntlm and auth basic. That means that you will first
> try to do ntlm auth against AD and if this fails you do basic auth also
> against AD. You could change the basic auth to do auth against a local
> passwd file, then you could add accounts with id/password who are
> allowed to access the squid. If a person is not a member of AD nor in the
> passwd list then he is not allowed to access - at least if he doesn't
> know one id/pass from passwd...
>
> markus

Amos

-- 
Please use Squid 2.7.STABLE3 or 3.0.STABLE7
Received on Thu Jul 17 2008 - 12:50:39 MDT
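
Added example (not part of the original thread): a squid.conf sketch of the setup described above, with NTLM checked against AD via winbind and Basic checked against a local password file instead of AD. The ncsa_auth helper path, the /etc/squid/passwd file and the ACL name "authenticated" are assumptions; on Squid 3.2 and later the helper is named basic_ncsa_auth.

```conf
# Added example, not from the thread. Helper path, password file path and
# ACL name are assumptions; adjust them to the local installation.

# 1) NTLM first: domain members authenticate against AD via winbind.
#    Squid offers the schemes to the browser in the order configured here.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5

# 2) Basic second: verified against a local NCSA-style password file, not AD,
#    so users outside the domain need an entry in that file and nothing in AD.
#    Create the first entry with:  htpasswd -c /etc/squid/passwd <username>
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Web Proxy Server
auth_param basic credentialsttl 24 hours

# 3) Allow any client that authenticated by either scheme; deny the rest.
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
```

Basic credentials travel base64-encoded rather than encrypted, so the local accounts should not reuse AD passwords, and the password file should be readable only by the user Squid runs as.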
