Boa tarde..... Estou tentando implementar squid_ldap_auth que autentica em um servidor Windows 2003 server.
Ate ai, tudo bem, esta funcionando a autenticacao LDAP, porem, eu preciso deixar a autenticacao para usuarios que usam Windows XP autenticado no dominio, quando abrirem o browser, que a autenticacao seja automatica ou seja, transparente. O Browser fica solicitando usuario e senha, se eu colocar um usuario do meu AD e sua senha, funciona, mas eu preciso que seja feito automaticamente. Existe alguma maneira? Abaixo meu squid.conf ######### # AUTENTICACAO # auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -R -b "dc=domain,dc=com" -D "cn=proxy_user,ou=internet,dc=domain,dc=com" -w "dom...@123mudar" -f sAMAccountName=%s -h 192.168.0.1 auth_param basic transparent Insira seu Usuario e Senha da Rede!!! auth_param basic children 5 auth_param basic credentialsttl 15 minutes ######### ######### ## acl password proxy_auth REQUIRED ## acl manager proto cache_object acl localhost src 127.0.0.1/32 acl localhost src ::1/128 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 acl to_localhost dst ::1/128 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 8443 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 8443 # PLESK acl CONNECT method CONNECT ## # external_acl_type ldap_group %LOGIN /usr/local/libexec/squid/squid_ldap_group -R -b "dc=dominio,dc=com" -D "cn=proxy_user,ou=internet,dc=domain,dc=com" -w "dom...@123mudar" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=internet,dc=domain,dc=com))" -h 192.168.0.1 acl ldapAcessoPadrao external ldap_group AcessoPadrao ######### acl ips_liberados src "/usr/local/etc/squid/SECURITY/ips_liberados.txt" acl sites_liberados dstdomain -i "/usr/local/etc/squid/SECURITY/sites_liberados.txt" acl palavras_proibidas url_regex "/usr/local/etc/squid/SECURITY/palavras_proibidas.txt" acl extencoes_proibidas url_regex -i "/usr/local/etc/squid/SECURITY/extencoes_proibidas.txt" acl sites_proibidos dstdomain "/usr/local/etc/squid/SECURITY/sites_proibidos.txt" ######### http_access allow ips_liberados http_access allow sites_liberados http_access deny palavras_proibidas http_access deny extencoes_proibidas http_access deny sites_proibidos http_access allow ldapAcessoPadrao ########## http_access allow manager localhost http_access deny manager http_access allow Safe_ports http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localnet http_access allow localhost ## http_access allow password ## http_access deny all ## http_port 3128 hierarchy_stoplist cgi-bin ? ## cache_mem 512 MB maximum_object_size_in_memory 10240 KB memory_replacement_policy lru cache_replacement_policy lru cache_dir ufs /tank/squid/cache 102400 16 256 max_open_disk_fds 0 minimum_object_size 0 KB maximum_object_size 1024000 KB cache_swap_low 90 cache_swap_high 95 ## log_fqdn on #logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh access_log /tank/squid/logs/access.log squid cache_store_log /tank/squid/logs/store.log cache_log /tank/squid/logs/cache.log coredump_dir /var/squid/cache diskd_program /usr/local/libexec/squid/diskd unlinkd_program /usr/local/libexec/squid/unlinkd refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 visible_hostname omegared dns_nameservers 192.168.0.1 ======================= Eduardo Wutzl Tecnólogo eduwu...@gmail.com - 11-7892-7580 Nextel ID: 100*116975 ======================= ------------------------- Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd