RE: [squid-users] RE: Squid NTLM - Dont want users to have to enter domain

From: Almighty <almighty0_at_gmail.com>
Date: Thu, 18 Aug 2011 12:57:14 +0100

Hi Amos,

Thanks for your reply.

I was hoping that I could inject the domain name somehow when the
credentials are being submitted. I can see now it's very much a Samba
related query,

Regards,

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: 18 August 2011 12:48
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] RE: Squid NTLM - Dont want users to have to enter
domain

On 18/08/11 21:52, Almighty wrote:
> Hi,
>
> Transparent NTLM authentication works great on our site and running on 5
> proxy servers.
>
> However we are having an increasing number of clients who are not on the
> domain (E.g. Mac labs).
> Is there any way that these non-AD end users could get prompted for just
> their "username& password" instead of "DOMAIN\username& password".
>
> Many thanks in advance,
>

Well, considering that NTLM is a protocol which operates by
authenticating that users are members of a domain. How do you expect
that would work?

IIRC the Samba ntlm_auth provides "--domain=DOMAIN" option to force
verification of all users against a certain domain (enabling no domain
on the popup). It is up to the client software to obtain the right
security tokens that domains DC will accept. Squid cannot do anything
about that.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.14
   Beta testers wanted for 3.2.0.10
Received on Thu Aug 18 2011 - 11:57:23 MDT

This archive was generated by hypermail 2.2.0 : Thu Aug 18 2011 - 12:00:04 MDT