Le 31 janvier 2012 23:36, CyberSoul <cybersoul_at_gmx.com> a écrit :
> Hi all,
> could anyone give any suggestion for realize next scheme:
>
> User turn on the computer & after booting operate system,
> he enter login\password for authorize in domain (Active Directory).
> After logon in AD, he did not enter any login\password to access to the Internet.
> That is, he open any site in the web-browser & Squid don't ask him login\password, but
> authorized for user still was transparent.
>
> At this moment, scheme is follow:
> User logon in AD, open a web-browser, Squid ask him login\password. After checking
> is the user is present in base of AD, input correct log\pass & check whether he belongs to
> a group with access to the Internet (with 'squid_ldap_auth' & 'squid_ldap_group'), user can
> go to the Internet. When he close web-browser & repeatly open a web-browser, squid ask him log\pass
> again & check is repeat.
>
> So, a question is: how to do that user input log\pass only once (in logon in domain) & Squid
> will no longer ask him log\pass, but still was authorization? Maybe is there anything options with
> 'external_acl_type ... %LOGIN'? Or else where...
>
>
>
>
Depending on ungly bug release of windows you are using (combination
of server/client) you shall use NTLM2 or 1 or go for kerberos.
LD
Received on Thu Feb 16 2012 - 18:32:50 MST
This archive was generated by hypermail 2.2.0 : Fri Feb 17 2012 - 12:00:03 MST