RE: [squid-users] Confused on NTLM Passthrough

I know the 2.7 and 3.1 code support the pass-through authentication. Beyond that I'm not sure.

You will need the login=pass in the cache_peer line and should also set the persistent_connection_after_error parameter to 'on'. I have used this configuration with a microsoft ISA proxy.

Jeff F>

-----Original Message-----
From: Matt Weisberg [mailto:matt_at_weisberg.net]
Sent: Friday, October 16, 2009 1:54 PM
To: squid-users_at_squid-cache.org
Subject: [squid-users] Confused on NTLM Passthrough

I have a situation where I'd like to use squid as a proxy cache in
front of another proxy (Scan Safe) that uses NTLM authentication.
I've been trying to determine if squid can properly pass through the
NTLM authentication. Unfortunately, I'm quite confused as to if this
is possible or not. There seems to be ton of conflicting information
on this. Basically, I want this:

User (authenticated to AD Domain) --> Squid --> Scan Safe (requiring
NTLM auth)

 From what I can gather, I think this should work if I setup the cache
peer with login=pass, but I'm not sure. Basic auth is NOT allowed,
NTLM is required. It also seems that only certain versions of squid
properly support NTLM pass through. Is that correct? If so, which
versions?

Thanks.

Matt

***
The information in this e-mail is confidential and intended solely for the individual or entity to whom it is addressed. If you have received this e-mail in error please notify the sender by return e-mail delete this e-mail and refrain from any disclosure or action based on the information.
***
Received on Fri Oct 16 2009 - 19:21:21 MDT