Re: [squid-users] Squid Active directory, Samba and Kerberos
lör 2006-03-18 klockan 10:12 +0530 skrev Logu: > Thanks for your response D.R. I would like to know what role does kerberos > play when authencating with ntlm scheme. None. NTLM is the Windows NT authentication method, supported by Active Directory in parallel to its Kerberos authentication method. > Is Active Directory a combination of kerberos and ldap ? Yes, plus NT Domain, NTLM, NTLMv2, MS-CHAP and a bit more. Digest is also optionally supported. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Squid Active directory, Samba and Kerberos
One advantage of simple ldap authentication is that you do not need samba, winbind, etc, hassles. All you do is add a couple of lines to your squid.conf to use the ldap_auth helper to authenticate, and the squid_ldap_group helper if you want to test whether Active Directory user x is in Active Directory group y. A really nice guide is here: http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory I like ldap_auth for it's simplicity. I can have users access the proxy from Windows, Mac, Linux machines with no extra configuration. I simply create a user account for them in Active Directory for when their browser prompts them. I want to authenticate squid proxy users against Active Directory (win2k). Should I go for ntlm authentication or basic squid ldap authentication. what are the advantages and disadvantages of both. I have read the documents for ntlm authentication and came to know that it requires samba, winbind and kerberos. Why do we need these packages to communicate to the Active Directory. I have earlier configured pam_ntlm authentication for telnet and other applications for which just a samba server which will act as PDC or a workgroup. But why in this case it requires samba ( and Kerberos) even though there is a domain controller (win2k with AD). Thanks for your response D.R. I would like to know what role does kerberos play when authencating with ntlm scheme. Is Active Directory a combination of kerberos and ldap ? -logu
Re: [squid-users] Squid Active directory, Samba and Kerberos
One advantage of simple ldap authentication is that you do not need samba, winbind, etc, hassles. All you do is add a couple of lines to your squid.conf to use the ldap_auth helper to authenticate, and the squid_ldap_group helper if you want to test whether Active Directory user x is in Active Directory group y. A really nice guide is here: http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory I like ldap_auth for it's simplicity. I can have users access the proxy from Windows, Mac, Linux machines with no extra configuration. I simply create a user account for them in Active Directory for when their browser prompts them. D.R. - Original Message - From: "Logu" <[EMAIL PROTECTED]> To: Sent: Saturday, March 18, 2006 5:21 AM Subject: [squid-users] Squid Active directory, Samba and Kerberos Hi, I want to authenticate squid proxy users against Active Directory (win2k). Should I go for ntlm authentication or basic squid ldap authentication. what are the advantages and disadvantages of both. I have read the documents for ntlm authentication and came to know that it requires samba, winbind and kerberos. Why do we need these packages to communicate to the Active Directory. I have earlier configured pam_ntlm authentication for telnet and other applications for which just a samba server which will act as PDC or a workgroup. But why in this case it requires samba ( and Kerberos) even though there is a domain controller (win2k with AD). Thanks -logu
[squid-users] Squid Active directory, Samba and Kerberos
Hi, I want to authenticate squid proxy users against Active Directory (win2k). Should I go for ntlm authentication or basic squid ldap authentication. what are the advantages and disadvantages of both. I have read the documents for ntlm authentication and came to know that it requires samba, winbind and kerberos. Why do we need these packages to communicate to the Active Directory. I have earlier configured pam_ntlm authentication for telnet and other applications for which just a samba server which will act as PDC or a workgroup. But why in this case it requires samba ( and Kerberos) even though there is a domain controller (win2k with AD). Thanks -logu