On Wed, 13 Aug 2003, Arief Kurniawan wrote:
> Here's the situation :
> - I have an NT domain
OK
> - I need squid authentication that works with NT users & groups
OK
> - No pop up windows asking username/password on IE before browsing.
Then you need to use the NTLM scheme.
> - Squid 2.5 Stable 3 source ready to configure.
OK,
> Give me a hint of what auth method / helper should I use ? What's the
> comparison of NTLM, Winbind, Wb_group, SMB, MSNT authentication methods ?
You are mixing different things here in the same questsions..
For
authentication there is two different authentication shemes which can be
used
basic -> login+password in plain text. Supported by all browsers in all
environment.
ntlm -> Microsoft Integrated Login. Automatic login by MSIE browsers to
servers connected to the same domain using the same NTLM/LANMAN
authentication as when you connect to a fileserver etc.
Then there is also a third authentication scheme which is good to know
about:
digest -> Secure transmission of authentication, but can not be integrated
with any backend databases such as NT Domain etc bur requires it's own
password database (currently a text file).
Each scheme have their own set of different helpers. Helpers from one
scheme can not be used in another authentication scheme.
Then for authorization (permissions based on group memberships etc) there
is something called external acls in Squid. This is managed separately
from authentication, and uses the login information provided by
authentication. This also have a set of different helpers.
For NT domain integration the recommended method is using Samba winbind.
There is helpers in all three categories (Basic auth, NTLM auth,
external acl group) using winbind to talk to the NT Domain. See the Squid
FAQ for installation instructions.
Regards
Henrik
Received on Wed Aug 13 2003 - 06:12:09 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:51 MST