Henrik Nordstrom <hno@squid-cache.org>
Sent by: hno@marasystems.com
02/05/2003 01:11 AM
To: Jack <sa_jill@yahoo.co.uk>
cc: Squid Users <squid-users@squid-cache.org>
Subject: Re: [squid-users] squid proxy for W2K active directoty users
Jack wrote:
>> Is it possible to use W2K native mode active directory for
authenticating
>> proxy users.
>Yes.
>You can use either LDAP (always works) or winbind (requires that support
>for NTLM is enabled in your AD, is by default)
>Regards
>Henrik
Henrik, I am reading this from the Windows 2000 server MCSE training Kit
book:
(same info can be found here:
http://www.mrhahn.com/Docs/w2kserver/Ch06.htm)
Mixed mode
1. When you first install or upgrade a domain controller to Windows 2000
Server, the domain controller runs in mixed mode.
2. Mixed mode allows the domain controller to interact with any domain
controllers in the domain that are running Microsoft Windows NT 3.51 or
4.0.
3. Any clients using NT LAN Manager (NTLM) and the directory service in
Windows NT 3.51 and 4.0 need mixed mode to authenticate to the network.
Point Number 3 is making me wonder again. I thought that I had users
authenticating against my win2k native mode domain, but then I realized,
that the
only reason they were able to authenticate seems to be because of a trust
set up with a windows NT4 server and my win2k domain. This book makes
a point of saying that NTLM authentication is only possible if your win2k
server is running in mixed mode, and mine are all running native mode.
There is
a conflict of info here, and I wonder if you or anybody else has more
info, or possible a link to microsoft that could expand on this. I can't
bring this into
production until I know exactly what's going on.
(PS. I think you and others are doing a great job answering questions on
this list)
-jamie-
Received on Thu Feb 06 2003 - 16:08:11 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:16 MST