RE: [squid-users] Automatic MSNT Domain Authentication.

From: Chemolli Francesco (USI) <>
Date: Wed, 21 Mar 2001 16:16:35 +0100

> Hi,


> I have just got MSNT authentication up and running to the
> point that on
> opening a browser the user is asked to authenticate to their domain.
> This is great as it enables us to log the username in the access.log,
> something very important when you have a university full of
> mischievous
> students. We currently have a systems for this but it
> involves a great deal
> of trawling through various NT/Novell logs.
> What I would like to know is if it is possible to auto
> authenticate to a
> domain, so that those users who have NT domain accounts (and
> have therefore
> authenticated to the domain on login) don't have to
> re-authenticate each
> time they open a browser.

Yes, but only with the daily snapshots of the NTLM branch of Squid 2.5
or from CVS-sourceforge (tag: auth_rewrite or ntlm).
BTW: this is only possible with Internet Explorer, 4 or 5, on
win32 platforms.

> Something else I'd like to know is if there is any way of
> authenticating to
> an unknown domain, eg. If someone wants to publish to a
> remote FrontPage
> server using NTLM.

I am not sure if I understand you correctly, but if I do,
it's not possible. NTLM cannot go throught a proxy by
design, as it required end-to-end state, which obviously
a proxy can't provide.

> Could the transparent proxying ability of
> netfilter in
> Linux kernel 2.4 solve this?

No. It can't be used with proxy-authentication at all, since
the clients will get unexpected answers and freak out.

Received on Wed Mar 21 2001 - 15:21:32 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:46 MST