[squid-users] Problems with ntlm authentication from teddy.saporte@dont-contact.us on 2004-09-01 (squid-users)

From: <teddy.saporte@dont-contact.us>
Date: Wed, 1 Sep 2004 14:39:54 +0200

Hi all

I want to make a proxy from windows user to another proxy. The other proxy
made authentication with Windows ID. I want to make an automatic
authentication when a client use Internet Explorer. I don't want that
users must send their personnal ID manually for squid for the other proxy

user --------------------->squid------------------------->proxy

For the moment, I use samba 2.X like FAQ 23.5

The authentication works fine with squid but the other proxy ask me to
authenticate me manually. I don't know if it is my conifiguration which
it's bad or If it is impossible to squid to send ntlm authentication to
another proxy.

For the moment, I made nltm authentication for squid and I have create a
generic user and use it to send a login and a password to the other proxy
and he works fine. But this is only the last solution, if you have a better
solution to do this it will be fantastic.

For the moment I use squid-2.5 but I want to use squid 3. With squid 2.5 my
idea (generic user) works good, with squid3 it works good with one user, I
don't made a lot of tests but it seems he doesn't work good if more than
one user use the squid proxy.

This is a part of my configuration file for squid 2.5

auth_param ntlm program /usr/local/squid2/libexec/wb_ntlmauth
auth_param ntlm children 1
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/local/squid2/libexec/wb_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

cache_peer proxy.snm.snecma parent 3128 0 no-query proxy-only
login=generic-user:password

acl all src 0.0.0.0/0.0.0.0
acl auth proxy_auth REQUIRED

http_access deny !auth

This is a part of my configuration file for squid 3

#
Ce courrier et les documents qui y sont joints peuvent contenir des informations confidentielles.
Au cas ou vous n'en seriez pas le bon destinataire, vous etes prie de le detruire et de nous en
informer immediatement.

This email and any attached documents may contain confidential information. If you are not the
correct addressee, please advise us immediately and delete it.
#

...
Received on Wed Sep 01 2004 - 06:46:16 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:01 MDT