On a CentOS 5.4 Machine I tried Squid Proxy Authentication with the help of the following external authentication programs,
1.mysql_auth with mysqldb
2.squid_radius_auth using freeradius users file
3.squid_radius_auth using mysql db
4.squid authentication against Active Directory
Squid prompts for username/password and if user provides that correctly he is able to browse.Success?!! well not really am stuck with the following two annoying problems in all of them. I searched the net but seems like am the only one having these problems.
1. When a user uses Internet Explore 6 & 7 browsers it prompts for username/password authentication for every new window that he opens. This however does not happen with Firefox or Opera.Also if I use tabbed browsing in IE7 this does not occur.
2.I created three users (test1,test2,test3) for testing. If user "test1" logins using a browser say Firefox another user "test2" in our case is also able to login using, lets say Opera and user "test3" in Google Chrome on the same Windows XP machine at the same time. Only one username/password should be able to used even across multiple browsers per system or ip. Please help me out am tearing my hair over this.
Squid Versions : Squid Cache: Version 2.6.STABLE21 (came with CentOS 5.4)
Squid Cache: Version squid-126.96.36.199-1 (created rpm from source tar.gz)
Am a student Network Administrator in our college. I implemented "Squid NTLM based Authentication" against Windows 2003 based Active Directory using "ntlm_auth" external authentication program (that came with Samba). After unsuccessfully trying many "Basic Authenticators" (mysql_auth, squid_ldap_auth, squid_radius_auth etc.,) I implemented this scheme of authentication. Unsucessfull becaue Internet Explorer (unfortunately which the majority of students use) wouldn't work with "Basic Authenticators by asking "Username/Password" for every new window of IE he/she opens. Now I was wondering whether one can replace Active Directory with "OpenLDAP" or "Fedora Directory Server" integrated with Samba and use "ntlm_auth" against them. This would be a true open source based solution. Your suggestions are eagerly awaited.:D
Please don't post under multiple accounts because doing so causes confusion for those that try to help you.
Edit: the first account (which had fewer posts) has been banned leaving you able to post from the second account.