(copy for the list.)
It's out of my knowledge zone now, so is someone with SSO working able to
assist?
On Tue, 23 Feb 2010 16:41:35 -0800 (PST), Michael Mansour
<micoots_at_yahoo.com> wrote:
> Hi Amos,
>
> --- On Tue, 23/2/10, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
>> From: Amos Jeffries <squid3_at_treenet.co.nz>
>> Subject: Re: [squid-users] Is there a way to stop the Auth Window
pop-up
>> in the Web browser?
>> To: squid-users_at_squid-cache.org
>> Received: Tuesday, 23 February, 2010, 7:24 PM
>> Michael Mansour wrote:
>> > Hi,
>> >
>> > I have Squid authenticating AD domain accounts (via
>> it's LDAP helper)
>> > to an AD backend, if the user is part of an allowed
>> "Internet Users"
>> > group they get internet access, if they don't
>> authenticate or aren't
>> > part of the "Internet Users" group they don't get
>> internet access.
>> >
>> > What I'm after is a way to get rid of the "pop up"
>> authentication
>> > Window when the browser starts and uses the Squid
>> proxy server.
>> >
>> > The Windows workstations that access Squid are all
>> part of an AD
>> > domain and the users that login to those workstations
>> login with
>> > their valid AD accounts.
>> >
>> > I've tested various solutions from Web searches for
>> NTLM pass-thru,
>> > where for example, Firefox has "about:config" and ntlm
>> settings you
>> > can set in there, and for IE adding URL's to the
>> Intranet zone, but
>> > they don't work. I keep having Squid prompt for a
>> username and
>> > password.
>>
>> Are the browsers using NTLM or Kerberos? it makes a
>> difference if Squid is only configured for one.
>
> I'm relatively new to this. The Squid server is currently in test so I'm
> able to change things on a whim.
>
> When I was in the Firefox browser testing this, I only made changes to
the
> NTLM config settings. With IE it only seemed to be a change to the local
> intranet zone.
>
> On the Linux server, I'm only running Squid with the Squid LDAP helper,
am
> not running Samba or winbind. I have read some material which says to
get
> Kerberos working you need to have Samba and winbind working?
>
> At the moment the Squid setup works fine, it queries the Windows AD
> correctly for users and groups they belong to and allows/disallows
access
> to various websites depending on the regex used.
>
> The last stage now is to just get rid of the pop-uop Window asking for
> user credentials. I'm trying to pass those from the browser to Squid. If
I
> have to work on configuring some sort of Samba/winbind setup for
kerberos
> auth I will try that, just need some direction on how to move forward
with
> this. At the moment I'm unsure and the project has stalled because of
it.
>
>> You have a bit of a problem if you want to stop the startup
>> popup. It
>> usually only occurs when the browser has no working login
>> credentials to pass the proxy.
>>
>> You can stop Squid from requesting login details from the
>> browser, but
>> if the browser does not know to send them you are in an
>> even worse mess
>> then.
>
> Yes I understand that. I'm not trying to avoid passing user credentials,
> Squid needs to know these to determine where the users can go on the
> internet, I'm just trying to have the browser pass those "Windows logon"
> credentials to Squid so Squid can use those credentials for the defined
> ACL's.
>
> Any help/advice anyone can give here is appreciated. Thank you.
>
> Michael.
>
>> Amos
>> -- Please be using
>> Current Stable Squid 2.7.STABLE7 or 3.0.STABLE24
>> Current Beta Squid 3.1.0.16
>>
Received on Wed Feb 24 2010 - 00:55:17 MST
This archive was generated by hypermail 2.2.0 : Wed Feb 24 2010 - 12:00:06 MST