Hierarchy (RE: Micro$oft Authentication)

From: Jimenez Vallina, Juan <JJimenez@dont-contact.us>
Date: Mon, 20 Apr 1998 10:04:59 +0200

Hi, Rui.

I'm interested in your hierarchy because we are also planning to install a
similar structure. I'm looking for a solution to have an Internet proxy
on the Internet DMZ and 14 intranet proxies. Each intranet proxy must
be "responsible" for its clients' "out of subnet's limit intranet
requests" of its subnet (we have an intranet web server in each location
with its own public intranet content) and act as a peer for "Internet
requests", asking only the Internet proxy if the object is not found. The added
problem is that we HAVE NO DNS servers (Ouch ;-((( ), all
configurations must be on IPs.

How can I set up the squid.conf? We are testing with Squid 1.1.20
and using a public IP range (172.28.*.* - 172.31.*.*) on our WAN.

About NTLM authentication:

I have a similar problem (NT domains and planning restriction by logon - or IP
:-?? ). I think it won't be a problem because IE can send the user/password
in plain ASCII (or by opening a dialog box instead) and we must configure the
same user/password in the NT SAM and squid.conf for user authentication
(the problem can appear when the user changes his NT password). I'll do a
test and return with the conclusions.


Juan Jiménez Vallina
  Information Systems
  Tel. +34 (942) 246000, ext. 2638
 e-mail: jjimenez@viesgo.es

> -----Original Message-----
> From: Rui.Bastos [SMTP:Rui.Bastos@seg-social.pt]
> Sent: Sunday, April 19, 1998 17:19
> To: 'squid-users@nlanr.net'
> Subject: Micro$oft Authentication
> Dear Squiders,
> Our organization is planning to deploy a hierarchical organization
> of proxies around 18 cities, with the internet gateway access on the
> main site.
> I was planning on using several squids with siblings and parents but I
> came to the following problem: all users use Windows 95/NT and the
> Micro$oft proxy server supports authentication by the "NT itself" (I
> think this is called NTLM authentication), without the need for an
> additional user/password. Our Microsoft Evangelists claim that it's
> best to have a Microsoft Proxy Server :( because of this feature.
> My question is: is it possible to have Win95/NT (with Internet
> Explorer or Netscape) users authenticated by some Windows NT Server?
> Is there any other "better solution" than using a user/password or
> ACL by IP address to perform user authentication?
> --
> Rui Bastos (mailto:rui.bastos@seg-social.pt)
Received on Mon Apr 20 1998 - 01:15:29 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:39:46 MST