Re: [squid-users] Re: squid_ldap_group authorisation of 2000 AD Groups
On Fri, 2004-12-03 at 00:14, Adam Aube wrote: There is support for NTLM (aka Windows Integrated Authentication), but it has some limitations: 1) It only fully works with IE AFAIK Mozilla Firefox supports it, both on MSWindows and on Non-MSWindows platforms. Of course, on Firefox it is (rightfully so if you ask me) non-transparent. 2) NTLM-over-HTTP is horribly broken - see the list archives for details I can testimony to that. Kinkie
Re: [squid-users] Re: squid_ldap_group authorisation of 2000 AD Groups
Hi, At 13.47 05/12/2004, Kinkie wrote: On Fri, 2004-12-03 at 00:14, Adam Aube wrote: There is support for NTLM (aka Windows Integrated Authentication), but it has some limitations: 1) It only fully works with IE AFAIK Mozilla Firefox supports it, both on MSWindows and on Non-MSWindows platforms. Of course, on Firefox it is (rightfully so if you ask me) non-transparent. On Windows latest Firefox seems to works transparently using logged-in user credentials like IE. 2) NTLM-over-HTTP is horribly broken - see the list archives for details I can testimony to that. Me too ... :-) Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Gorizia, 69 10136 - Torino - ITALY Tel. : +39.011.3249426 Fax. : +39.011.3293665 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: [squid-users] Re: squid_ldap_group authorisation of 2000 AD Groups
Serassio Guido wrote: Hi, At 13.47 05/12/2004, Kinkie wrote: On Fri, 2004-12-03 at 00:14, Adam Aube wrote: There is support for NTLM (aka Windows Integrated Authentication), but it has some limitations: 1) It only fully works with IE AFAIK Mozilla Firefox supports it, both on MSWindows and on Non-MSWindows platforms. Of course, on Firefox it is (rightfully so if you ask me) non-transparent. On Windows latest Firefox seems to works transparently using logged-in user credentials like IE. 2) NTLM-over-HTTP is horribly broken - see the list archives for details I can testimony to that. Me too ... :-) Regards Guido Hmmm... this doesn't bode well for what I am trying to do. However it is working at the moment. My only problem is that the users to be authenticated/authorised are in different OUs. How can I get squid_ldap_group to work with users in different OUs? I set the Base DN to be at the level in the tree below the OUs but I don't think the search filter can construct the user DN from the base DN and the filter. Any advice? Regards, Oliver
[squid-users] Re: squid_ldap_group authorisation of 2000 AD Groups
Oliver Hookins wrote: Here's the real question - is it actually possible to have group AUTHORISATION without requiring the user to enter any login details (AUTHENTICATION), i.e. the username comes from Windows or something? How is Squid supposed to check for membership in a group if it has no username to check the membership of? [email disclaimer snipped] If at all possible, could you please turn the disclaimer off? When posting to public mailing lists, the disclaimer is pointless (and somewhat annoying). Adam
[squid-users] Re: squid_ldap_group authorisation of 2000 AD Groups
Adam Aube wrote: Oliver Hookins wrote: Here's the real question - is it actually possible to have group AUTHORISATION without requiring the user to enter any login details (AUTHENTICATION), i.e. the username comes from Windows or something? How is Squid supposed to check for membership in a group if it has no username to check the membership of? There is support for NTLM (aka Windows Integrated Authentication), but it has some limitations: 1) It only fully works with IE 2) NTLM-over-HTTP is horribly broken - see the list archives for details Adam