Re: [squid-users] Workaround with NTLM Website and NAT

From: Guillermo Gomez <ggomez@dont-contact.us>
Date: Thu, 09 Feb 2006 11:20:24 -0400

Mark Elsen wrote:

>>My situation is simple:
>>
>>A web site is using NTLM authentication ans ask the user for credentials
>>(without squid).
>>Our squid goes out trhough a NAT connection, then when the user tries
>>with squid configured, and IIS error shows up in the browser saying:
>>
>>You are not authorized to view this page
>>
>>You do not have permission to view this directory or page using the
>>
>>credentials that you supplied because your Web browser is sending a
>>
>>WWW-Authenticate header field that the Web server is not configured to
>>
>>....
>>
>>
>
> http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.14
>
> Some extracts from this FAQ section :
>
>+We cannot proxy connections to a origin server that use NTLM
>authentication, but we can act as a web accelerator or proxy server
>and authenticate the client connection using NTLM.
>...
>
>+The protocol has several shortcomings, where the most apparent one is
>that it cannot be proxied.
>....
>
>M.
>
>
:( so basically there's no working solution for proxying this kind of site.
The only workaround we have is to configure the clients to not proxy
this site and them configure my nat/firewall to let this GET go through,
but this solution avoids completely squid controls and push our team to
configure more than 400 stations.
Anyone has a better solution ?

Guillermo
Received on Thu Feb 09 2006 - 08:20:49 MST

This archive was generated by hypermail pre-2.1.9 : Wed Mar 01 2006 - 12:00:03 MST