[squid-users] Re: authenticate to pam's DB on squid machine with NTLM

From: Brian J. Murrell <brian_at_interlinx.bc.ca>
Date: Tue, 24 Dec 2013 13:10:49 -0500

On Tue, 2013-12-24 at 13:42 +0000, Markus Moeller wrote:
> Hi Brian,

Hi Markus,

> Based on my knowledge it is not possible to use negotiate ( Kerberos or
> NTLM ) without AD/Samba.

Yeah, I guess I mis-represented my limitations. I don't mind setting up
a Samba PDC if that's necessary. Where the limitation comes in would be
in requiring the Windows users to join a domain here, just to use Squid.
I can't require (nor do I want to, TBH) the Windows users join a domain.
Their laptops should remain in purely local-authentication mode entirely
with any username/password required for Squid to come in the form of a
browser (or other application) pop-up.

Given the lack of ability to require joining a domin, I wonder how much
of a complete AD configuration I need in Samba.

I did restate this in a message I sent to the list in response to Amos'
message but it does not seem to have been posted yet. I wonder if it's
gotten lost on the way.

So I guess the most pressing question becomes, can a Windows machine
authenticate to Squid using NTLM[SSP] without joining a domain?

Cheers,
b.

Received on Tue Dec 24 2013 - 18:11:07 MST

This archive was generated by hypermail 2.2.0 : Wed Dec 25 2013 - 12:00:05 MST