RE: [squid-users] Certain applications when using NTLM auth

> -----Original Message-----
> From: Henrique Machado [mailto:henrique.cicuto_at_gmail.com]
> Sent: Monday, 02 February, 2009 06:49
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] Certain applications when using NTLM auth

> But, some applications, APT being a very simple example (and one of my
> headaches) can´t ask for an input. And even configuring it to send
> user´s credentials doesn´t seen to work (Squid keeps replying with
> 407).

You will always get 407 replies with NTLM authentication. It is just how the protocol is designed.

> I presume that the behavior "wait until I ask for auth credentials" is
> necessary for the complete functionality, so Squid just ignores the
> info that´s initially sent.

Apt as in the Debian apt tool? I have a variety of Debian boxes (used to be Sarge, now Etch and Lenny) that authenticate to squid via NTLM, and this "just works" for me:

Set up an /etc/apt/apt.conf file like this:

Acquire::http::Proxy "http://username:password@10.11.12.13:3128/";

Where username and password are for a service account you create in active directory. You can use a human's account, but the password will be in plaintext with the apt.conf file, so I don't suggest it. Easier to create a service account and then just tightly lock it down in AD. (All you need is that the squid proxy can authenticate to it.)

And of course 10.11.12.13:3128 is whatever IP address/port your Squid lives on.

If you've already done this and it doesn't work, maybe there's a typo. I've used apt with NTLM for years and it has been rock solid.

And of course if it is another apt you're talking about, none of this applies. :)

James
Received on Mon Feb 02 2009 - 18:57:06 MST