RE: [SQU] Setting up NTLM as a domain authenticator transparently ?

You've been very helpful so far, wondering if you could explain a little
furthur,

1. Does samba need to be installed to communicate with the domain
controller?

2. What should the acl line look like to verify aguinst a group in the
domain?

3. Does the old authenticate_program_ntlm still apply or should we be using
the auth_param ntlm /usr/local/bin/ntlm_auth domainname/IPofDomain?

4. is theire anything we're missing here on our end?

Your help s greatly appreiceated in defeating that which is MS Proxy 2.0

-----Original Message-----
From: Craig Fels [mailto:csfels@swbell.net]
Sent: Monday, February 26, 2001 1:24 PM
To: Adam Shields - PSG; squid-users@ircache.net
Subject: Re: [SQU] Setting up NTLM as a domain authenticator
transparently?

The helper you are looking for is NTLMSSP. You specify the
domain\domaincontroller on the ntlm program line of squid.conf

Make sure you are using IE4 or later for NTLM support. I had the problem
you mentioned (popup for password) on IE5.01 with squid 2.4 with the NTLM
patch. The 2.5 head snapshot from 2/20/2001 fixed that problem.

Craig

----- Original Message -----
From: <Adam.Shields@psg-pinkerton.com>
To: <squid-users@ircache.net>
Sent: Monday, February 26, 2001 11:23 AM
Subject: [SQU] Setting up NTLM as a domain authenticator transparently?

> I got the cache up and running, it's beautiful, what's on my mind now, is
> weather or not squid can act as a truly transparent NTLM authenticator, we
> got it working in the past to do NTLM auth, but it popped up a username
and
> password box, is there a helper out there that will take the hash and
verify
> it against the domain controller? If so, what is it and how do I go about
> setting it up?
>
> Thanks in advance for any help.
> Adam Shields
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html