Re: [squid-users] NT authentication without joining the domain

From: Serassio Guido <guido.serassio@dont-contact.us>
Date: Tue, 10 May 2005 16:07:13 +0200

Hi,

At 15.50 10/05/2005, Discussion Lists wrote:

>Hi All,
>I am running into a curious problem that I was hoping you all would be
>able to help me with. I am troubleshooting a problem with a squid
>config where squid authenticates proxy users against active directory
>using NT authentication (re: NOT LDAP) and that machine isn't joined to
>the domain at all. It doesn't work now, but they insist it did work.

This is correct, but with many limitations:
- The AD domain must have "Pre-Windows 2000 Compatible Access" enabled
- The AD domain policies must don't activate any security policy regarding
traffic signing
- You must use SMB NTLM authenticator or MSNT basic authenticator
- You cannot check group membership
- NTLMv2 cannot be supported

>Does anyone have docs on how to get squid to auth users without being
>joined to the domain first?

See any docs about SMB and MSNT.

Regards

Guido

-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Tue May 10 2005 - 08:07:18 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:02 MDT