Re: [squid-users] squid with NTLM www-Authenticate

From: Henrik Nordstrom <>
Date: Tue, 20 Nov 2001 17:44:19 +0100

Stephan von Krawczynski wrote:

> > What you want is not possible. NTLM logins cannot be proxied.
> Well, lets try a different approach: can you think of any setup to enable
> clients behind a squid (and inside a private network) to get their hands on an
> IIS performing www-authentication - besides direct IP connection via NAT?

If the IIS has Basic ("plain text") authentication enabled then no
problems. If it only has NTLM authentication enabled then you have
problems as NTLM authentication cannot be proxied.

What you can do is to set up a TCP plug, giving the NTLM-only web server
a virtual IP address on your local network, where any TCP connections
sent to this IP is forwarded to the real server.

> > What has been
> > added to 2.5 is the ablilty to perform a NTLM login to the proxy.
> Something the like could be done with smb_auth in previous releases, too.

Not quite. The NTLM authentication scheme is not the same thing as Squid
verifying the users Basic scheme username and password to a NTLM

Henrik Nordström
Received on Tue Nov 20 2001 - 10:10:28 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:04:21 MST