On Fri, 12 Mar 2004 [EMAIL PROTECTED] wrote:
So: is it possible, using Squid, LDAP server, and a browser that supports NTLM, to authenticate user, so that no pop-up 'username + password' window shows up?
No, but it is fully possible to use Squid + Active Directory + a browser that supports NTLM in such manner.
OK. Here's my setup:
[Squid-192.168.1.1]---[Active Directory-192.168.1.2]
and a network of 192.168.1.* attached to it, with NTLM enabled browsers attached to it.
Currently everyone is authenticated through squid_ldap_auth first, then squid_ldap_group, so that everyone could match his/her own acl.
User+pass windows pops up.
In order to get rid of that pop-up windows:
1) Does that mean that I have to install Samba on Squid machine?
2) Does that mean, that I have to remove squid_ldap_auth from the config file, as authentication would be done by Samba?
3) Does that mean, that squid_ldap_group can stay, as I need to match each ldap-group with respective acl?
What I also think, this all ldap_auth, ldap_group, NTLM stuff is *very* poorly documented, especially when one wants to make them work together.
This means, that instead of wasting a couple of days, one coul do it in a few hours, if there was decent documentation describing it.
I could write it, with examples, screenshots etc. as soon as I have NTLM working.
So far, I have ldap_auth and ldap_group.
What do you think?
-- T.
