On 2/21/07, Adrian Chadd <adrian@creative.net.au> wrote:
> On Tue, Feb 20, 2007, Chris Nighswonger wrote:
> > Hi All,
> > I am sure that this must be a common issue with proxies and NTLM.
> > (yuk..) My users run a variety of apps which desire to access the
> > internet. Many of them do not play well with NTLM auth. I have been in
> > the practice of simply using squid ACLs to permit access to these apps
> > without authentication based on their destination domain. I am
> > wondering what ways others have used to address this issue and would
> > like to hear them. Or perhaps this is the best way.
>
> Which version of Squid are you using? Squid-2.6 improves on this quite
> a lot.

2.6.STABLE9

Some of these apps have in their proxy settings the option to enter
username/password. However, it looks as if they are passing these
credentials off *basic* auth style.

Below are my auth_param settings for both ntlm and basic. It seems
that I have seen somewhere in this list a post which showed using the
squid 'ntlmssp' helper as the 'basic program' setting. Perhaps this is
what I need to do so that when the app passes basic auth credentials
they are checked against the DC?

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 17
auth_param ntlm keep_alive on

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 2
auth_param basic realm Campus Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

This issue is especially acute with anti-virus client updates.

Thanks for the assistance.

Chris
Received on Wed Feb 21 2007 - 08:34:01 MST
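
The setup discussed in this message, as an added squid.conf sketch that is not part of the original post or the Squid project's own configuration: Basic credentials are checked against the domain controller through Samba's ntlm_auth in its squid-2.5-basic helper mode, and the unauthenticated bypass is limited to named update domains. The ACL names, the 192.0.2.0/24 client range and the .av-vendor.example domain are placeholders, and a working winbind setup is assumed.

```conf
# Added example; ACL names, client range and domain are placeholders.

# NTLM is configured first so it is offered ahead of Basic.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 17
auth_param ntlm keep_alive on

# Basic fallback for apps that cannot do NTLM. The helper validates the
# username/password against the domain via winbind instead of a local
# ncsa_auth password file. Basic credentials are only base64-encoded on
# the client-to-proxy hop, so domain passwords are readable to anyone who
# can capture that traffic.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 2
auth_param basic realm Campus Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

# Unauthenticated bypass, kept narrow: internal clients only, and only
# to the update hosts that cannot authenticate.
acl campus_clients src 192.0.2.0/24
acl av_updates dstdomain .av-vendor.example
acl authed proxy_auth REQUIRED

# Order matters: the bypass rule must come before the proxy_auth rule,
# otherwise Squid answers the update client with a 407 challenge.
http_access allow campus_clients av_updates
http_access allow authed
http_access deny all
```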