I'm still not what sure what you mean; do you mean clients will speak NTLM to
the intranet server but have squid configured as a web proxy?
Adrian
On Tue, May 16, 2006, Baumgaertel, Oliver wrote:
>
>
> We have several layers of Proxies:
>
> User -> Region -> Region -> inner farm -|Firewall|-> DMZ farm
> -|Firewall|-> Internet
> User -----------> Region ->
> User --------------------->
>
> We do all our authentication/authorisation and filtering based on
> user/group in the inner farm. Currently we mainly do authentication
> based on the IP adress(-range) (around 95%) and only very few users are
> authenticated via NTLM. However, we are under orders to change that in
> the foreseeable future to pure NTLM. So that'll be for Proxy
> authentication, server NTLM is only done within the intranet itself and
> that's taken care of in the proxy settings of the clients.
>
> BlueCoats for example allow such a scenario with a thing called "NTLM
> forwarding". As far as I am aware that's not possible with Squid right
> now. So I wonder if that'll be part of the upcoming Stable 2.6/3 as
> we've to start planning for the nescessary changes rather soon.
Received on Tue May 16 2006 - 09:36:14 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Jun 01 2006 - 12:00:04 MDT