On Wed, 13 Aug 2003, Arief Kurniawan wrote:

> Here's the situation :
> - I have an NT domain

OK

> - I need squid authentication that works with NT users & groups

OK

> - No pop up windows asking username/password on IE before browsing.

Then you need to use the NTLM scheme.

> - Squid 2.5 Stable 3 source ready to configure.

OK,

> Give me a hint of what auth method / helper should I use ? What's the
> comparison of NTLM, Winbind, Wb_group, SMB, MSNT authentication methods ?

You are mixing different things here in the same questions.

For authentication there are two different authentication schemes which can be used

  basic -> login+password in plain text. Supported by all browsers in all environment.

  ntlm -> Microsoft Integrated Login. Automatic login by MSIE browsers to servers connected to the same domain using the same NTLM/LANMAN authentication as when you connect to a fileserver etc.

Then there is also a third authentication scheme which is good to know about:

  digest -> Secure transmission of authentication, but can not be integrated with any backend databases such as NT Domain etc but requires its own password database (currently a text file).

Each scheme has its own set of different helpers. Helpers from one scheme can not be used in another authentication scheme.

Then for authorization (permissions based on group memberships etc) there is something called external acls in Squid. This is managed separately from authentication, and uses the login information provided by authentication. This also has a set of different helpers.

For NT domain integration the recommended method is using Samba winbind. There are helpers in all three categories (Basic auth, NTLM auth, external acl group) using winbind to talk to the NT Domain. See the Squid FAQ for installation instructions.

Regards
Henrik
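
The three layers described in the reply (authentication scheme, per-scheme helper, external ACL for group authorization), as a squid.conf sketch for Squid 2.5 with the winbind helpers. This is an added example, not part of the original message; the helper install path, the child counts, the ACL names and the group name `InternetUsers` are assumptions to adapt to the local build.

```conf
# --- Authentication: NTLM scheme, winbind helper (no login pop-up in MSIE) ---
# Schemes are offered to the browser in the order they first appear here,
# so NTLM is listed before Basic.
auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

# --- Authentication: Basic scheme, winbind helper (fallback for other browsers) ---
# Basic sends login+password in plain text on every request; leave this
# section out if only domain-joined MSIE clients need access.
auth_param basic program /usr/local/squid/libexec/wb_auth
auth_param basic children 5
auth_param basic realm Squid proxy
auth_param basic credentialsttl 2 hours

# --- Authorization: external ACL, winbind group helper ---
# %LOGIN passes the authenticated user name to the helper, which checks
# NT domain group membership. This is separate from the schemes above.
external_acl_type nt_group %LOGIN /usr/local/squid/libexec/wb_group

# Require a valid login, then require membership of the (assumed) group.
acl authenticated proxy_auth REQUIRED
acl internet_users external nt_group InternetUsers

# Default deny: only authenticated members of the group may browse.
http_access allow authenticated internet_users
http_access deny all
```

The helpers must be built in at configure time and the winbindd pipe must be readable by the Squid user, as covered in the Squid FAQ the reply points to.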
