[squid-users] Automatic Windows user authentication

From: Kalle Andersson <kan@dont-contact.us>
Date: Fri, 5 Oct 2001 19:00:29 +0200

Hi all...

I'm trying to set up automatic authentication for users running IE on
Windows 2000. I see from a previous discussion on this list that it has been
done.
Just be sure I understand, using NTLM and MSNT authentication the user won't
need to log in manually for the proxy unless the user is using a browser
that is not IE 5 or newer, basically having logged in to the NT Domain
should be suffient?

The basic MSNT authentication works fine. I'm presented with the login
prompt from IE, typing my username and password for the NT Domain allows me
access.

I'm trying to do the same but I'm failing. Using the configuration below I'm
asked to log in to proxy.
I'm running Internet Explorer 5 under Windows 2000.
PDC and BDC are Windows 2000 servers.

Squid is the latest (head-20011004) running on a Slackware 7 linux.
These are the variables I used with the configure script.

--prefix=/usr/local/squid25
--enable-auth="basic,ntlm"
--enable-basic-auth-helpers="MSNT"
--enable-ntlm-auth-helpers="NTLMSSP"

Here are the relevant lines in my squid.conf

auth_param ntlm program /usr/local/squid25/libexec/squid/ntlm_auth -b
domain/dc1 domain/dc2
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/local/squid25/libexec/squid/msnt_auth
auth_param basic children 4
auth_param basic realm W2Kdomain
auth_param basic credentialsttl 5

acl internal 192.168.1.0/255.255.255.0
acl password proxy_auth REQUIRED

http_access allow internal password
http_access deny all

--
Best regards
Kalle Andersson
kan@gronaverket.se
Received on Fri Oct 05 2001 - 11:00:33 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:37 MST