Re: [squid-users] NTLM Authentication

From: Robert Collins <robertc@dont-contact.us>
Date: 14 Apr 2003 16:04:51 +1000

On Mon, 2003-04-14 at 02:47, Mike Diggins wrote:
> >On Thu, 2003-04-10 at 11:24, Mike Diggins wrote:
> >> Just got NTLM working with Squid 2.5S2. When I'm not using NTLM, how do I
> >> tell squid to always assume the domain is DM1 (example). I often get
> >> prompted for a domain from clients not logged into DM1. Is there any way to
> >> tell squid to always assume it's DM1?
>
> >No. The clients specify what domain they are authenticating to. If they
> >aren't logged into DM1, and there is no trust relationship, their login
> >will fail.
>
> Just to be sure I understand. I connect to my test proxy server from home
> where I'm running XP and not logged into a domain. IE 6 prompts me for a
> username and password. I enter the correct ones then it prompts me again
> this time with CHEWY\diggins already filled in for the username and my
> password also filled in. I change CHEWY to DM1 (DM1\diggins) and it lets
> me in. My home computer is named CHEWY :)

Is it a two-line or a three-line password dialog?
>
> Is there no way that I can get just the single login box with a simple
> username and password prompt? Most of my users will not be able to use
> NTLM and for them I'm relying on the basic authentication. However, if
> they get prompts like this they're not going to know what's going on. Am I
> out of luck?

Well, for basic auth, there is no domain at all ;]. That said, the
convention DOMAIN\USER will often work if the back-end authenticator
supports it. I'd guess that what's happening here is your workstation is
trying NTLM, finding that fails, then prompting you with basic auth, and
that works. The double prompt is quite likely part of IE6's brokenness
with respect to authentication - MS appear to have tried many variations
on a theme, with the most broken variation IE6SP1.

Rob

-- 
GPG key available at: <http://users.bigpond.net.au/robertc/keys.txt>.

Received on Mon Apr 14 2003 - 00:05:37 MDT
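The distinction drawn in this reply (an NTLM client names its own domain inside the message it sends, while Basic has no domain field and DOMAIN\USER is only a convention), shown as an added example that is not part of the original post or of Squid. The function names and the sample header values are constructed for illustration, and OEM-encoded strings are assumed to decode as latin-1.

```python
import base64
import struct

SIG = b"NTLMSSP\x00"
UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE flag

def sample_type3(domain, user, host):
    """Constructed NTLM Type 3 message with empty responses (sample input only)."""
    parts = [b"", b"", *(s.encode("utf-16-le") for s in (domain, user, host)), b""]
    header, payload, pos = SIG + struct.pack("<I", 3), b"", 64
    for p in parts:  # LM, NT, domain, user, workstation, session key
        header += struct.pack("<HHI", len(p), len(p), pos)
        payload += p
        pos += len(p)
    return "NTLM " + base64.b64encode(header + struct.pack("<I", UNICODE) + payload).decode()

def _buf(msg, at, enc):
    """Decode one security buffer: length(2), max length(2), offset(4)."""
    length, _, start = struct.unpack_from("<HHI", msg, at)
    if start + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[start:start + length].decode(enc)

def describe_proxy_auth(value):
    """Return (scheme, domain, user) for a Proxy-Authorization header value."""
    scheme, _, blob = value.partition(" ")
    scheme, raw = scheme.lower(), base64.b64decode(blob.strip(), validate=True)
    if scheme == "basic":
        # Basic is base64("user:password") with no domain field; DOMAIN\USER
        # is only a convention the back-end authenticator may honour.
        login = raw.decode("latin-1").partition(":")[0]
        domain, sep, user = login.partition("\\")
        return ("basic", domain, user) if sep else ("basic", None, login)
    if scheme == "ntlm" and raw.startswith(SIG) and len(raw) >= 12:
        if struct.unpack_from("<I", raw, 8)[0] != 3:
            return ("ntlm", None, None)  # not the final (Type 3) message: no user yet
        if len(raw) < 64:
            raise ValueError("truncated Type 3 message")
        flags = struct.unpack_from("<I", raw, 60)[0]
        enc = "utf-16-le" if flags & UNICODE else "latin-1"  # OEM approximated (assumption)
        # The client, not the proxy, chose this domain (offset 28) and user (offset 36).
        return ("ntlm", _buf(raw, 28, enc), _buf(raw, 36, enc))
    raise ValueError("unsupported or malformed Proxy-Authorization value")

if __name__ == "__main__":  # constructed samples mirroring the thread
    print(describe_proxy_auth(sample_type3("CHEWY", "diggins", "CHEWY")))
    print(describe_proxy_auth("Basic " + base64.b64encode(b"DM1\\diggins:pw").decode()))
```

Logging the scheme and client-supplied domain per request this way makes it visible which clients fell back from NTLM to Basic and which domain each one presented.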
