Re: [squid-users] Transparent & ident

From: Robert Collins <robert.collins@dont-contact.us>
Date: 04 Aug 2001 08:44:18 +1000

On 03 Aug 2001 22:48:07 +0200, Leo Mrafko wrote:
> On Fri, 3 Aug 2001, Adrian Chadd wrote:
>
> > Ident and transparent proxying don't mix.
> > The ident protocol identifies a connection by supplying the remote
> > and local port numbers for the client to return a username for.
>
>
> Thanks very much for exhaustive answer. Maybe I should extend my question
> a bit: O my local network Windows users get authenticated against Samba
> server. I'd like to have minimum setup tasks on the Windows boxes with
> maximum performance. I could use proxy.pac autoconfig from my www-server,
> i have it already configured, but I find transparent proxy to be more
> beutiful. It is a school network, so I need to log pupils activities. But
> I don't want to bother users with any more password checking beyond
> windows network logon. Can this be done using ntlm auth ? Maybe I could do
> some more automated setup using Samba's netlogon scripts - it could write
> something into windows registry, some setup for Explorer (possibly mostly
> used) etc. Btw. don't you know what does Explorer's "Automatically detect
> setting" option mean ?

For "Autodetect" see the squid FAQ under wpad. For any sort of
authentication/user detection, you need to turn transparent proxy off.
(The same logic applies for anything trying to query the client when
it's pretending to bethe web server - the client won't trust it.)

Rob

> Thanks,
>
> --
> Leo Mrafko
>
>
Received on Fri Aug 03 2001 - 16:41:31 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:28 MST