On tis, 2008-10-21 at 19:57 -0500, Lou Lohman wrote:
> I have been poking around the Internet and mailing lists and anything
> else I can think of, for DAYS, to try to answer what I thought would
> be a simple question, "How can I configure Squid so that my authorized
> Windows users (Members of the proper security group in AD who are
> logged into the network) don't have to answer a challenge to get out
> to the Internet?"
This consists of three pieces.
1. Configuring the clients to use the proxy, using a server name which
MSIE secururity classifies as "Local LAN/Intranet". Usually a "short"
server name without domain works, but Windows people can answer this
better than me.
2. Configuring the proxy with ntlm (and perhaps negotiate)
authentication scheme support. Using Samba ntlm_auth as helper is
recommended.
3. Limiting access to the given group. Can be done in two ways, either
restrict ntlm_auth to only accept members of the given group, or lookup
the group membership using wbinfo_group.
Regards
Henrik
This archive was generated by hypermail 2.2.0 : Wed Oct 22 2008 - 12:00:05 MDT