[squid-users] Squid Authentication
Amos Jeffries
squid3 at treenet.co.nz
Mon Aug 15 10:40:13 UTC 2016
On 15/08/2016 10:19 p.m., Marcio Demetrio Bacci wrote:
> In my network I have Windows and Linux computers.
> I tried the NTLM authentication method, but is experiencing many problems.
FYI, Microsoft deprecated NTLM in 2006 and all software produced by them
since has been migrating towards Kerberos-only support. Since that is a
decade ago you can expect a lot of trouble with recent Windows machines
doing NTLM-only auth.
Try Negotiate/Kerberos authentication instead. It does all the things
NTLM claimed to provide, faster and in a more secure way.
> So I wonder if the authentication method "squid_ldap_auth" is designed for
> Windows and Linux stations?
>
The auth helper is just a way of connecting Squid to the auth backend
system. In your case probably AD, right?
Any of the helpers that run on the Squid machine OS and connect to AD
will "work" as they are designed to - but that says nothing about
whether they do suits your setup needs.
The LDAP helper you mention runs on Linux or BSD and connects to AD
using the LDAP database protocol. That is all. AFAIK, unless things have
changed recently AD itself restricts the LDAP interface to only
servicing Basic authentication credentials or group checks.
PS. if that is the helper installed with your Squid then you need to
upgrade. That has not been the official helper name since Squid-3.1
which is long ago deprecated.
Amos
More information about the squid-users
mailing list