NTLM is a Microsoft authentication scheme based on a challenge. Squid now
supports it, and in particular your users are not prompted for login/passwd
as it is done by the browser itself (MSIE).
In order to do that with Squid, squid 2.5 of course, it is now suggested to
use Samba, and in particular the ntlm_auth authenticator which is shipped
with the Samba suite. You'd better to use Samba 3, not Samba 2 to have a
good support on it.
Everything is here: http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#winbind
and I remind you that your users *won't* be prompted for a login/password
if they use MSIE
---
Stéphane Davy - Consultant Alcôve
Aquileo García Blancas
<aquileo@unisiamex.com Pour : <sdavy@bics.fr>
.mx> cc :
Objet : Re: [squid-users] Réf. : [squid-users] Extract username and write it to the log file without
15/06/2004 14:42 NTLM?
Thanks by your help. Then I'm triying to implement a schema in wich my
users
type they users and passwords when it is prompted in they MSIE. I had a
previous version (squid-2.4.STABLE7-4) and had the same schema to validate
my users (and worked it). But now with the version squid-2.5.STABLE3-5.3E,
don't work it. So, the only change form the previos version is the
authenticate_program by auth_param (for user's authentication), just like
say in
http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE3-RELEASENOTES.html
page:
authenticate_program
authenticate_children
proxy_auth_realm
Removed. See auth_param.
auth_param
This replaces the authenticate_program directive. It allows configuration
of
multiple authentication helpers, one for each of the supported
authentication schemes. Such schemes include "NTLM", "Digest (from RFC
2617)", and "Basic".
Then, I think that the same schema may work in my new version. Well, with
some changes in it. I hope it's clear all your dubts.
P.D. What's mean NTML?
Aquileo García Blancas
Unisia Mexicana, S.A. De C.V.
Systems Chief
Tel. (52) 728 282 8382
Fax (52) 728 282 8380
e-mail aquileo@unisiamex.com.mx
----- Original Message -----
From: <sdavy@bics.fr>
To: <omar.dedovic@atosmedical.com>
Cc: <squid-users@squid-cache.org>
Sent: Tuesday, June 15, 2004 4:17 AM
Subject: [squid-users] Réf. : [squid-users] Extract username and write it
to
the log file without NTLM?
But what is wrong with NTLM? If your users use MSIE, they won't be prompted
during authentication when using the NTLM scheme, it is transparent and I
think this is what you want, isn't it?
You'll need to setup Samba in order to have NTLM and authentication on
Active Directory, but everything is in the Squid FAQ
---
Stéphane Davy - Consultant Alcôve
omar.dedovic@atosmedic
al.com Pour :
squid-users@squid-cache.org
cc :
14/06/2004 12:23 Objet : [squid-users]
Extract username and write it to the log file without NTLM?
Hi!
Is there any way for squid to "extract" the username that is logged in on
particular machine just by using information
from the browser?
What i basically want to see is username of person that is logged on to the
machine which is using the proxy WITHOUT prompting
users for "extra authentication", and then write it in the access.log
together with all other info (date,dst_url etc).
Example:
User Bob is logged on to domain/AD. He wants to surf on the internet and
starts his MSIE. While he is surfing transparently (no extra auth)
i can extract the username he is logged in with on his machine/domain and
then log this info into the access.log file.
Is it possible?
Alternative solution (without using ntlm auth/extra password prompt)?
thx
Omar
Legal warning
The information in this e-mail is confidential and is intended solely for
the addressee. Access to this e-mail by anyone else is unauthorized. If you
by mistake have received this e-mail, please destroy it and let Atos
Medical
know as soon as possible. Thank you. As changes may be done electronically,
Atos Medical do not have the responsibility for this e-mail or any attached
files, nor am Atos Medical responsible for unauthorized access or changes
of it.
This e-mail message has been scanned for Viruses and Content.
Received on Tue Jun 15 2004 - 11:31:15 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:02 MDT