Re: [squid-users] Certain applications when using NTLM auth from Henrique Machado on 2009-02-03 (squid-users)

From: Henrique Machado <henrique.cicuto_at_gmail.com>
Date: Tue, 3 Feb 2009 10:09:53 -0200

Dear James,

Thanks for the attention. Yes, I´m talking about Debian APT Tool =].
And I´ve already configured apt.conf so to use the proxy, adding
username and password in it, but even so it´s not working, and my
proxy keeps returning HTTP 407.
Tried creating a user "me" with password "123456" inside my AD domain,
and it´s not working as well.
Maybe something in my Squid auth configuration, but I´m not sure.

2009/2/2 James Zuelow <James_Zuelow_at_ci.juneau.ak.us>:
>
>> -----Original Message-----
>> From: Henrique Machado [mailto:henrique.cicuto_at_gmail.com]
>> Sent: Monday, 02 February, 2009 06:49
>> To: squid-users_at_squid-cache.org
>> Subject: [squid-users] Certain applications when using NTLM auth
>
>> But, some applications, APT being a very simple example (and one of my
>> headaches) can´t ask for an input. And even configuring it to send
>> user´s credentials doesn´t seen to work (Squid keeps replying with
>> 407).
>
> You will always get 407 replies with NTLM authentication. It is just how the protocol is designed.
>
>> I presume that the behavior "wait until I ask for auth credentials" is
>> necessary for the complete functionality, so Squid just ignores the
>> info that´s initially sent.
>
> Apt as in the Debian apt tool? I have a variety of Debian boxes (used to be Sarge, now Etch and Lenny) that authenticate to squid via NTLM, and this "just works" for me:
>
> Set up an /etc/apt/apt.conf file like this:
>
> Acquire::http::Proxy "http://username:password@10.11.12.13:3128/";
>
> Where username and password are for a service account you create in active directory. You can use a human's account, but the password will be in plaintext with the apt.conf file, so I don't suggest it. Easier to create a service account and then just tightly lock it down in AD. (All you need is that the squid proxy can authenticate to it.)
>
> And of course 10.11.12.13:3128 is whatever IP address/port your Squid lives on.
>
> If you've already done this and it doesn't work, maybe there's a typo. I've used apt with NTLM for years and it has been rock solid.
>
> And of course if it is another apt you're talking about, none of this applies. :)
>
> James
>
Received on Tue Feb 03 2009 - 12:09:59 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 03 2009 - 12:00:02 MST