On Mon, 26 Jul 2004, Huang, David wrote:

> 1) user has to enter username (UPN) and password. I tried to use
> sAMAccountName, instead of userPrincipalName, it works fine in the
> command line for squid_ldap_auth, but NOT for using it in the
> configuration file. I don't know why!

If it works from the command line then it must work from squid.conf as 
well. Make sure you use the exact same line in both.

> Is it possible for the user to not need to enter the username and
> password? I mean it takes the user name from the system (IE?)

Not automatically in "Basic" authentication. The closest you have here is 
the ability to have MSIE (and most other browsers) save the entered 
password.

If you want fully transparent authentication then look into NTLM 
authentication via Samba-3. This is the "Microsoft Integrated Login" 
mechanism also supported by MS ISA and IIS.

>  2) users with Chinese CN do not work.
>  
>      For users with Chinese CN and displayName in the windows 2000 AD,
>  squid_ldap_auth will not work even in the command line. Is it a bug or 
>  do I need more configuration?

Probably LDAP and your browser do not agree on what encoding to use for 
the user name. If I am not mistaken LDAP uses UTF-8.

Please use "log_mime_hdrs" to inspect what your browser is sending. What 
you are looking for is the "Proxy-Authorization" header which carries the 
login and password in base64 encoding.

Regards
Henrik
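
The header check suggested above, as an added example that is not part of the original message: it base64-decodes a Basic Proxy-Authorization value copied from the log and reports whether the login bytes are ASCII, valid UTF-8, or a legacy encoding. The function names, the GBK/Big5 candidate list and the sample credentials are assumptions constructed for illustration.

```python
import base64

def make_basic(login, password, codec):
    """Build a constructed Basic credential as a browser using `codec` would."""
    raw = login.encode(codec) + b":" + password.encode(codec)
    return "Basic " + base64.b64encode(raw).decode("ascii")

def inspect_proxy_auth(value, legacy_codecs=("gbk", "big5")):
    """Report how the login in a Basic Proxy-Authorization value is encoded.

    The password is discarded and never returned or printed.
    """
    scheme, _, b64 = value.strip().partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    raw = base64.b64decode(b64.strip(), validate=True)
    user, sep, _password = raw.partition(b":")
    if not sep:
        raise ValueError("missing ':' between login and password")
    report = {"hex": user.hex(), "encoding": None, "login": None}
    if all(b < 0x80 for b in user):
        # Pure ASCII logins look identical in every candidate encoding.
        report.update(encoding="ascii", login=user.decode("ascii"))
        return report
    try:
        # Strict UTF-8 decoding rejects almost all legacy multi-byte text.
        report.update(encoding="utf-8", login=user.decode("utf-8"))
        return report
    except UnicodeDecodeError:
        pass
    for codec in legacy_codecs:  # assumed candidates for a Chinese locale
        try:
            report.update(encoding=codec, login=user.decode(codec))
            return report
        except UnicodeDecodeError:
            continue
    return report  # encoding stays None: bytes match no candidate

if __name__ == "__main__":
    name = "\u5f20\u4f1f"  # constructed sample login
    for codec in ("utf-8", "gbk"):
        print(codec, inspect_proxy_auth(make_basic(name, "not-a-real-password", codec)))
```

A result other than "ascii" or "utf-8" means the login bytes are not UTF-8 when they reach the proxy, which is the encoding mismatch described above.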
