RE: [squid-users] ntlm_auth with password prompt

Hi Adrian,

I made these modifications in my squid.conf and restarted squid and samba:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

But no login prompt appears ;-(

/Jimmy

-----Original Message-----
From: Adrian Chadd [mailto:adrian@creative.net.au]
Sent: den 7 september 2006 03:15
To: Guido Serassio
Cc: Jimmy Jonsson; squid-users@squid-cache.org
Subject: Re: [squid-users] ntlm_auth with password prompt

On Wed, Sep 06, 2006, Guido Serassio wrote:
> Hi Jimmy,
>
> At 20.47 06/09/2006, Jimmy Jonsson wrote:
> >I have a little odd question. One of my customers who uses Squid
> >wants the user to be prompted for a password and then let ntlm_auth
> >authenticate the against Active Directory. Is there a way to tell
> >ntlm_auth to always prompt the user for password ?
>
> I think no.
>
> NTLM authentication is some time called "transparent authentication" ....
> :-)
>
> Internet Explorer prompts the user for authentication only when the
> "transparent authentication" fails.

You could just configure basic authentication using the Samba ntlm_auth
helper.
It'll then still authenticate against active directory, but it wouldn't use
NTLM between the browser and squid to do it.

(Some of the caches at work have this setup but I don't think anyone's using
it yet. I'll try it out today.)

Adrian
Received on Thu Sep 07 2006 - 03:13:30 MDT