We are currently looking to replace BM (with it out of support soon) and go down the Squid route for a Proxy replacement with a separate firewall.

I have the current rules setup in BM with Clienttrust to verify users based on allowed access and also for logging. I have been testing Squid and found you can authenticate users via a LDAP Server which I have got working (instead of just IP based) and usernames appear in the access log.

Yet everytime I open a web browser I am asked to authenticate and login. Has anyone else migrated from BM to Squid and have any useful knowledge to share if they have kept it based on user login access? Is there a set of commands to detect users are already logged into eDirectory so they don't have to login everytime as we don't want to install single sign on software on every users PC just for this.

Many thanks in advance,