[squid-users] Fwd: NTLM LDAP authentication problem

Rafael Akchurin rafael.akchurin at diladele.com
Mon Nov 16 17:00:30 UTC 2015

Hello Matej, Eugene,

Hope our humble tutorial for Squid <-> Active Directory integration with Kerberos SSO, Basic(LDAP) auth is also useful - http://docs.diladele.com/administrator_guide_4_3/active_directory/index.html 
No NTLM though!!!

Best regards,
Rafael Akchurin
Diladele B.V.

Please take a look at Web Safety - our ICAP based web filter server for Squid proxy

-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Eugene M. Zheganin
Sent: Monday, November 16, 2015 4:49 PM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Fwd: NTLM LDAP authentication problem


On 16.11.2015 19:51, Matej Kotras wrote:
> Thank you for your response, as this is my first try with Squid, and 
> fairly newb in Linux.
> I do not understand at all differences between basic/ntlm/gss-spnego 
> auths so I will do my homework and read about them. I've managed to 
> get this working after few weeks of "trial and error" method (I know, 
> I know, but I gotta start somewhere rite) following multiple guides.
The usual issue with all those copy/paste tutorials is that they tend to teach how to do everything at once, instead of moving from simple things to more difficult ones. This order of simplicity/difficulty is the

- adding Basic authentication, all authenticated users are authorized to use proxy
- adding NTLM authentication, all authenticated users are authorized to use proxy
- adding group-based authorization, authenticated users are authorized to use proxy basing on the group membership, using simple helper like squid_group_ldap
- adding GSS-SPNEGO authentication
- adding full-fledged GSS-SPNEGO group authorization helper.

You can try my article,
http://squidquotas.hq.norma.perm.ru/squid-auth.shtml. Though it's not perfect and still lacks two last steps, at least it tries to follow that approach.

squid-users mailing list
squid-users at lists.squid-cache.org

More information about the squid-users mailing list