[squid-users] Squid plugin sponsor

Eliezer Croitoru ngtech1ltd at gmail.com
Fri Feb 11 05:35:02 UTC 2022


Hey Dieter,

I have tried to use the mentioned wiki document to try and re-create a LAB
with AD 2012-2019.
I got stuck with a setup that is not usable in the terms of transparent
authentication.
I have tried on the next OS:
* Debian 10/11
* Ubuntu 18.04/20.04
* CentOS 7/8
* Oracle Enterprise Linux 7/8

I would be happy to try and re-create the lab here and to make sure that
there will be a well documented configuration guide.
If there is a good tutorial or guide I would be happy to try and verify if
it works in my lab.

Thanks,
Eliezer

----
Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com

-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of
Dieter Bloms
Sent: Friday, February 11, 2022 06:56
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Squid plugin sponsor

Hello David,

for me it looks like you want to use kerberos authentication.
With kerberos authentication the user don't have to authenticate against
the proxy. The authentication is done in the background.

Mayb this link will help:

https://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos

On Thu, Feb 10, David Touzeau wrote:

> Hi
> 
> What we are looking for is to retrieve a "user" token without having to
ask
> anything from the user.
> That's why we're looking at Active Directory credentials.
> Once the user account is retrieved, a helper would be in charge of
checking
> if the user exists in the LDAP database.
> This is to avoid any connection to an Active Directory
> Maybe this is impossible
> 
> 
> Le 10/02/2022 à 05:03, Amos Jeffries a écrit :
> > On 10/02/22 01:43, David Touzeau wrote:
> > > Hi
> > > 
> > > I would like to sponsor the improvement of ntlm_fake_auth to support
> > > new protocols
> > 
> > ntlm_* helpers are specific to NTLM authentication. All LanManager (LM)
> > protocols should already be supported as well as currently possible.
> > NTLM is formally discontinued by MS and *very* inefficient.
> > 
> > NP: NTLMv2 with encryption does not *work* because that encryption step
> > requires secret keys the proxy is not able to know.
> > 
> > > or go further produce a new negotiate_kerberos_auth_fake
> > > 
> > 
> > With current Squid this helper only needs to produce an "OK" response
> > regardless of the input. The basic_auth_fake does that.
> > 
> > Amos
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users

> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users


-- 
Gruß

  Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list