RE: [squid-users] SquidNT Authentication Question from Jacques Kruger \(DHL NA\) on 2009-09-22 (squid-users)

From: Jacques Kruger \(DHL NA\) <jacques.kruger_at_dhl.com>
Date: Tue, 22 Sep 2009 08:32:05 +0200

Hi Amos,

Thanks for the feedback. You are right, I should check my terminology as
I am in fact referring to Squid for Windows.

I'll have a go with the 2.7 release today and advise if that solves my
issue.

Have a fun day!

Jacques Kruger

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: 22 September 2009 06:31
To: Jacques Kruger (DHL NA)
Cc: squid-users_at_squid-cache.org
Subject: Re: [squid-users] SquidNT Authentication Question

On Mon, 21 Sep 2009 15:56:42 +0200, "Jacques Kruger \(DHL NA\)"
<jacques.kruger_at_dhl.com> wrote:
> Hi,
>
> I am currently using SquidNT (Version 2.6.STABLE13) as a local proxy
in

Side note;

The old project 'SquidNT' is no longer existing. The current official
Squid
windows port is termed 'Squid for Windows' available only from Acme
Consulting Ltd (http://squid.acmeconsulting.it/) and possibly soon the
main
squid-cache.org website. There are some copyright violators known using
the
old experimental project name to advertise an altered and dubious
version
of the Squid binary for profit.

Please check you have the official Squid for windows software and kindly
please assist us undermining the copyright violators by updating your
terminology about Squid to the new name. Thank you.

> each of our smaller offices. I authenticate against MS Active
Directory
> using a Global Group. I have noticed that the authentication has a
> limitation in that the helper seems not to check Group membership
> recursively, i.e. it will only look at the first result and if that
> result is a group, it will not check membership of the lower group.
>
> I have learned to live with this but changes in our AD policy will
> require me to make my internet access group a member of a higher group
> and I should then authenticate to the higher group, that will no work
(I
> hope I'm making sense).
>
> I have treid this with 3.0.STABLE13-BZR and it persists. Any way to
work
> around this?

The new version of mswin_check_ad_group helper provided with 2.7.STABLE7
and later appears to have nested group support you are wanting. It
should
be available from Acme soon if not already.

Amos
Received on Tue Sep 22 2009 - 06:32:34 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 22 2009 - 12:00:02 MDT