RE: [squid-users] pass-thru authentication with radius

From: Van Bossche Koen <Koen.VanBossche@dont-contact.us>
Date: Fri, 12 Apr 2002 11:50:31 +0200

>> Our people in the US have built an intranet with authentication (for a
>> document archive) using RADIUS to authenticate.
>> If I would set up a RADIUS-authentication to squid (I believe I read it is
>> possible) for our NT users, is it then possible to set it up so that for
>> this intranet authentication radius is being used completely transparently.
>> So that those NT credentials are pulled automatically through the browser,
>> authenticated and the user is allowed to access whatever their group is
>> permitted to access.

>How does RADIUS come into the picture with NT credentials?

>> Does anybody have some experience with that?

>>For automatic NTLM login (such as provided by MS IIS for MS IE users), see
>>Squid-2.5.

In the US they are of the principle: if it is not commercial, it cannot be
good.
They had squid for proxying and it ran well except for their intranet.
This intranet was built with Xpedio, which requires NTLM v1.0 authentication.
In October/November we had NTLM auth installed. It worked a bit buggy, with too
many popups.
It did not work for their intranet. We also tested
with a script on another server to point directly to the intranet instead of
using the proxy for that.
But it still seemed that squid was involved; it did not work. It worked,
however, without using
any proxy in the browser config.
The best we got was with smb_auth for squid to auth. However, when the first
user authenticated, all other users then took this user's credentials.

We went back and they have now tested Cacheflow along with Smartfilter as a
product to replace squid.
This works flawlessly with NTLM authentication.
They have now set up RADIUS for all Internet users. With RADIUS those users
can use the same credentials (NT) they use to log on to their NT PCs.
The Cacheflow product they have tested is completely transparent (is what
they said). The users' NT credentials are pulled automatically through the
browser, authenticated and the user is allowed to access whatever their
group is permitted to access.
Received on Fri Apr 12 2002 - 03:51:07 MDT
