Hello,

I'm currently building a Windows Domain Controller with samba3/openLDAP backend and also maintain the unix accounts in that directory.

In our network we have Win2k (in that samba3 Domain) as well as openSuSE Terminals (with user auth against the ldap dir).

Now how can I configure Squid in order to not ask again (after already logging onto the machine) for user/pass but still have a user based logging.

Currently my squid config looks like this:

   auth_param basic program /usr/sbin/squid_ldap_auth -v 3 -d -b
   "dc=xxxxxxx,dc=xxxxxxx" -f "(uid=%s)" -D
   "cn=Manager,dc=xxxxxxx,dc=xxxxxxx" -w xxxxxxxx localhost:389
   auth_param basic children 20
   auth_param basic realm Squid proxy-caching web server
   auth_param basic credentialsttl 60 minutes

   ethernal_alc_type proxy_group %LOGIN /usr/sbin/squid_ldap_group -v
   -b "ou=Groups,dc=xxxxxxx,dc=xxxxxxx" -f "(&(cn=%a)(memberUid~=%u))"
   localhost:389

   acl ldap_password proxy_auth REQUIRED
   acl ldap_group external proxy_group SquidUsers

   http_access allow ldap_group

But obviously that will prompt the user for his credentials.

Note: We're using IE6/FF/Opera and for special users even Netscape (7 - if i remember correctly).

Thank you for your help

Greetings
Alexander

Reply via email to