Re: [squid-users] Wrong domain in some NTLM authentication requests

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Wed, 31 Mar 2010 21:18:26 +0200

Wed 2010-03-31 at 01:07 +0000, Diego Lima wrote:

> The browser software is Microsoft Internet Explorer 7 and 8, however
> I've not been able to track down what causes that since only a few
> users are having problems.

Do these users experience the same problem if they log on to a computer
where you know other users authenticate fine to the proxy?

My initial reaction is that perhaps the computers these users are using
are not domain members but operating in workgroup mode.

> Is there any way I can get squid to force authentication against a
> certain domain, even if the browser supplies wrong credentials?

That would be a Samba question when using the Samba helper, not Squid.

Squid just relays the NTLMSSP auth handshake blobs between browser and
backend, not looking into what they contain. All parsing, decoding &
processing of the NTLM handshake is done by the auth helper.

But I don't think you can alter the domain and still have successful
authentication. Doing so most likely breaks the credential cryptographic
hash function of NTLMv2.

Regards
Henrik
Received on Wed Mar 31 2010 - 19:18:30 MDT
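
The domain binding mentioned in the last paragraph of the reply, as an added example that is not part of the original message: in NTLMv2 the response key is an HMAC-MD5, keyed with the NT hash, over the uppercased user name concatenated with the domain, so a verifier that recomputes it with a rewritten domain rejects the response. The NT hash, challenge, client blob, user name and domain names below are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values (not taken from the thread).
NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")  # stands in for MD4(UTF-16LE(password))
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")         # 8-byte challenge from the Type 2 message
CLIENT_BLOB = bytes.fromhex("0101000000000000") + b"\x11" * 20  # stand-in for timestamp/nonce/target info


def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 response key: HMAC-MD5(NT hash, UTF-16LE(UPPER(user) + domain))."""
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()


def nt_proof(nt_hash: bytes, user: str, domain: str,
             server_challenge: bytes, client_blob: bytes) -> bytes:
    """Proof value the client places at the start of its NTLMv2 response."""
    key = ntowf_v2(nt_hash, user, domain)
    return hmac.new(key, server_challenge + client_blob, hashlib.md5).digest()


def verify(nt_hash: bytes, user: str, domain: str,
           server_challenge: bytes, client_blob: bytes, proof: bytes) -> bool:
    """Verifier side: recompute the proof from the domain it was handed."""
    expected = nt_proof(nt_hash, user, domain, server_challenge, client_blob)
    return hmac.compare_digest(expected, proof)


def demo() -> tuple:
    sent_domain = "WS-0042"  # constructed: a workgroup machine supplying its own name
    proof = nt_proof(NT_HASH, "alice", sent_domain, SERVER_CHALLENGE, CLIENT_BLOB)
    # Domain relayed unchanged: the recomputed proof matches.
    unchanged = verify(NT_HASH, "alice", sent_domain, SERVER_CHALLENGE, CLIENT_BLOB, proof)
    # Domain rewritten to "CORP" somewhere in between: the key differs, so the check fails.
    rewritten = verify(NT_HASH, "alice", "CORP", SERVER_CHALLENGE, CLIENT_BLOB, proof)
    return unchanged, rewritten


if __name__ == "__main__":
    print(demo())
```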