Re: [squid-users] NTLM authentication on intranet

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 10 Dec 2001 11:11:20 +0100

NTLM cannot be proxied, only tunnelled.

New versions of IE apparently correctly denies the use of NTLM when using a
proxy.

Using NTLM over the Internet is not what NTLM is intended for.

If you are using a PAC script to tell IE that it must go direct to your
intranet sites requiring NTLM, then it should, and should agree on performing
the NTLM authentication. If it does not then there is either a bug in your
PAC script, or in IE.

always_direct in squid.conf has no relation to the discussion. Only tells
Squid how Squid may connect to the servers, and is only of relevance when you
have peer caches/proxies (cache_peer directive).

Regards
Henrik Nordström

On Monday 10 December 2001 10.10, Van Bossche Koen wrote:
> Hi all,
>
> Is there any solution or possible bypass for this known problem to still
> use squid and have the NTLM 3-line logon on intranet pages active? I am
> using a script to go direct to the intranet and configured squid with
> always_direct for it.
>
> Problem :
> Even with the exlusion list, the proxy still not allows NTLM pass-through.
> Because IE will not even attempt authentication if it sees it's going
> through a proxy.

-- 
MARA Systems AB
Giving you basic free Squid support
Priority support or Squid enhancements available on request
Received on Mon Dec 10 2001 - 03:26:41 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:17 MST