If i select negotiate/Kerberos as authentication protocol for my Squid on Linux and configure no FallBack Authentication.what would be the consequence ? 1. Isnt it that all of my users who have logged into Active Directory and where browser is supported will be able to use squid? 2. Only those users who will try to use squid from a workgroup giving their domain passoword (domainname/userid) will fail as there will be no fallback aviablable. 3. Is there any other scenario in which these users will not be able to use squid? I would be really thankful if you guide me further as i am failing to understand why a fallback authentication is necessary if it is. What could be the scenario when windows clients have no valid TGT even if they are login to the domain? I hope you can understand me and help me to clear my self. regards, Bilal Aslam
---------------------------------------- > To: [email protected] > From: [email protected] > Date: Wed, 7 Apr 2010 20:17:20 +0100 > Subject: Re: [squid-users] Re: Re: SSO with Active Directory-Squid Clients > > Sorry I knew that but forgot to mention that I was talking about the Unix > version. > > Thank you > Markus > > "Guido Serassio" wrote in message > news:[email protected]... > Hi Markus, > >> If you have a Windows client and the proxy send WWW-Proxy-Authorize: >> Negotiate the Windows client will try first to get a Kerberos ticket > and >> if that succeeds sends a Negotiate response with a Kerberos token to > the >> proxy. >> If the Windows client fails to get a Kerberos ticket the client will > send >> a Negotiate response with a NTLM token to the proxy. Unfortunately > there> is yet no squid helper which can handle both a > Negotiate/Kerberos response >> and a Negotiate/NTLM response (although maybe the samba ntlm helper > can).> So there is a fallback when you use Negotiate, but it has some > caveats. > > This is not true when Squid is running on Windows: the Windows native > Negotiate Helper can handle both Negotiate/Kerberos and Negotiate/NTLM > responses. > > Regards > > > Guido Serassio > Acme Consulting S.r.l. > Microsoft Gold Certified Partner > VMware Professional Partner > Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY > Tel. : +39.011.9530135 Fax. : +39.011.9781115 > Email: [email protected] > WWW: http://www.acmeconsulting.it > > _________________________________________________________________ Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969
