Still on Squid integration with Active Directory

I wrote a post a few months ago explaining briefly how to integrate a Squid proxy with a Microsoft Windows Active Directory.

While single sign-on works flawlessly with Windows XP and Vista, with Windows 7 it needs a little tweak.

You’ll need to change a GPO on your AD:

Computer configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options

Find “Network security: LAN Manager authentication level”
Set it to “Send LM & NTLM – use NTLMv2 session security if negotiated”

This happens because Squid uses NTLMv2 after version 2.6, but it is negotiated NTLMv2 rather than straight NTLMv2 (dunno why). Windows 7 refuses to negotiate by default and accepts only NTLMv2.
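
To see what is actually being negotiated, you can decode the NTLM token carried in the `Proxy-Authenticate` header Squid returns, or in the `Proxy-Authorization` header the client sends. The following is an added example, not code from the original post: the flag bits and offsets are taken from the NTLMSSP message format (MS-NLMP), the function names are made up for illustration, and the sample challenge is constructed.

```python
import base64
import struct

# Negotiate flag bits from the NTLMSSP message format (MS-NLMP); subset only.
FLAGS = {
    0x00000001: "UNICODE",
    0x00000080: "LM_KEY",
    0x00000200: "NTLM",
    0x00080000: "EXTENDED_SESSIONSECURITY",  # "NTLMv2 session security"
    0x00800000: "TARGET_INFO",
    0x20000000: "128",
    0x80000000: "56",
}
# Byte offset of the NegotiateFlags field for each message type.
FLAG_OFFSET = {1: 12, 2: 20, 3: 60}


def parse_ntlm_header(value):
    """Decode an 'NTLM <base64>' header value into (message type, flag names)."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        raise ValueError("not an NTLM header value with a token")
    raw = base64.b64decode(token, validate=True)
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    offset = FLAG_OFFSET.get(msg_type)
    if offset is None or len(raw) < offset + 4:
        raise ValueError("unknown message type or truncated message")
    (flags,) = struct.unpack_from("<I", raw, offset)
    return msg_type, sorted(name for bit, name in FLAGS.items() if flags & bit)


def offers_session_security(value):
    """True if the message sets the extended session security flag."""
    return "EXTENDED_SESSIONSECURITY" in parse_ntlm_header(value)[1]


def build_sample_challenge(flags):
    """Constructed Type 2 message: empty target name, fixed dummy challenge."""
    raw = b"NTLMSSP\x00" + struct.pack("<I", 2)
    raw += struct.pack("<HHI", 0, 0, 32)  # TargetNameFields (len, max, offset)
    raw += struct.pack("<I", flags)       # NegotiateFlags at offset 20
    raw += bytes(range(8))                # ServerChallenge (dummy value)
    return "NTLM " + base64.b64encode(raw).decode()
```

Feed it the header value from a packet capture or a verbose client trace; comparing the flags in the client's Type 1 message with those in the proxy's Type 2 challenge shows which side is leaving out session security.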

You might come across other issues in some apps, such as having to authenticate manually. Dropbox is one example, but there may be others.

As usual, do this at your own risk!