[squid-users] Negotiate/NTLM Authentication a safer option than Negotiate/Kerberos??

From: GIGO . <gigoz_at_msn.com>
Date: Wed, 7 Apr 2010 05:44:40 +0000

Hi All,
 
In our environment we are currently using ISA Server with user-based authentication. We are using Windows 2003 Active Directory and almost all of the users are using a Windows-based OS. We want to seamlessly migrate our users to Squid.
I have not yet reached any conclusion despite a lot of studies/efforts/Squid support. I would like you people to guide me in detail, please.
 
If Negotiate/Kerberos has a limitation in Squid that it has only one fallback scheme, and that is Basic/LDAP, then isn't it a safe option to use Negotiate/NTLM if all users belong to Microsoft Active Directory only?

As every logged-in domain user will always possess a valid NTLM token even if they don't have a valid Kerberos token, this scheme will not require any fallback authentication mechanism to be defined. I would probably need to enumerate Active Directory users through some mechanism (which I am not sure about at this moment) to get this scheme working. Am I right? Please guide me in detail.
 
 
 
Another thing which is confusing is whether, like Kerberos, the NTLM token (and hence the user's credentials) will automatically be passed to Squid, so that the user never needs to explicitly give a password. Am I right?

What will happen if the user is not logged into the domain but is on a workstation that is part of a workgroup? I assume that in that case a password pop-up screen will appear and the user will give his/her credentials in domainname/user format, and that will work?

Regards,
 
Bilal Aslam
Received on Wed Apr 07 2010 - 05:44:47 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 08 2010 - 12:00:03 MDT