Re: [squid-users] ntlm_auth for windows clients that arent part of the default domain

From: Andrew Best <festivus@dont-contact.us>
Date: Wed, 29 Jun 2005 09:36:12 +1000

On 6/25/05, Henrik Nordstrom <hno@squid-cache.org> wrote:
> On Thu, 16 Jun 2005, Festivus wrote:
> >
> > What I need to know is, is there a way I can make ntlm_auth use the
> > default domain for when a user doesnt enter the domain?
>
> Good question.
>
> Do the clients even accept leaving the domain field blank?

No they do not.

> If the clients accept using a blank domain then you could try asking the
> Samba people if ntlm_auth could be made to substitute a default domain in
> the authentication if the domain is left blank by the client.
>
> There is no way to make the NTLM login dialog not have that domain field.
> The format of this login dialog is fully defined by the browse, all the
> server (i.e. Squid) says is that NTLM authentication is acceptable and the
> domain of the server.

I wasn't* wanting to do away with the domain field at all. I was
looking to see if ntlm_auth could be told in some way "if the user
doesn't enter a domain we'll just assume they entered domain X".

* = When I say "wasn't", yes im referring to the past. Ive decided to
stop using NTLM and switched over to LDAP authentication. Sure it
throws an authentication dialog for ALL users now but I need to get
the migration to the new server finished.

Apologies for the late reply.

-- 
There is no gravity the world sucks.
- William Gibson - Pattern Recognition
Received on Tue Jun 28 2005 - 17:36:13 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jul 01 2005 - 12:00:03 MDT