Re: [squid-users] Squid configuration for NTLM

From: Prashant K.S <ksprashant_at_yahoo.com>
Date: Wed, 2 Jun 2010 22:10:54 -0700 (PDT)

Hi Amos, Thanks for the suggestion. I guess I would be able to partially validate my client with this approach. Is there any publicly hosted squid proxy which provides full NTLM authentication that I can make use of? Regards, Prashant ----- Original Message ---- From: Amos Jeffries <squid3@treenet.co.nz> To: squid-users@squid-cache.org Sent: Thu, 3 June, 2010 9:55:29 AM Subject: Re: [squid-users] Squid configuration for NTLM On Wed, 2 Jun 2010 20:56:42 -0700 (PDT), "Prashant K.S" <ksprashant@yahoo.com> wrote: > Hi Amos, > > One more question. > > My primary purpose is to test a NTLM client that I have developed against > Linux Squid proxy. > > If I cannot configure squid proxy, is there any openly available squid > proxy that uses NTLM and for which I can register myself and get a user > name and password which I can use for authentication and test my NTLM > client. > > Regards, > Prashant Oh, that is a different prospect. If you are just testing that the protocol coding etc is valid you can use the fakeauth NTLM helper: http://wiki.squid-cache.org/ConfigExamples/Authenticate/LoggingOnly#NTLM_Authentication It does NTLM challenges with random tokens and validates the client reply blobs are self-consistent, but does not use any domain to check the coded password/username actually match valid ones. If the authentication blobs or connection handling are broken they will show up with this handler. If you need deeper checks the that username/token were being transferred from the client to DC, then you will need a full real domain linkage setup. Amos > > ----- Original Message ---- > From: Prashant K.S <ksprashant@yahoo.com> > To: Amos Jeffries <squid3@treenet.co.nz>; squid-users@squid-cache.org > Sent: Thu, 3 June, 2010 9:11:09 AM > Subject: Re: [squid-users] Squid configuration for NTLM > > Hi Amos, > > The domain I am talking about is my office network domain and my computer > cannot be a part of that domain. Is it possible to host myself a domain or > be a part of some domain that is available in open(Not sure how risky is > it). > > Regards, > Prashant > > > > > ----- Original Message ---- > From: Amos Jeffries <squid3@treenet.co.nz> > To: squid-users@squid-cache.org > Sent: Thu, 3 June, 2010 9:05:48 AM > Subject: Re: [squid-users] Squid configuration for NTLM > > On Wed, 2 Jun 2010 20:30:51 -0700 (PDT), "Prashant K.S" > <ksprashant@yahoo.com> wrote: >> Hi Amos, >> >> Thanks for your reply. >> >> I want to correct my words. I do have access to some NT domain. But just >> that I have the user and password to authenticate against that domain. > But >> my computer is not part of that domain. Will I able to achieve NTLM >> authentication with Squid using this setup. And If yes can you please > let >> me know the configuration. > > Okay good. > > You won't be able to do it without making the proxy a machine account on > the domain. Apparently the winbindd manual page has details on how the > Linux machine needs to be configured into the domain. > > Details on the Squid and Samba setup can be found here: > http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm > > Amos
Received on Thu Jun 03 2010 - 05:11:01 MDT

This archive was generated by hypermail 2.2.0 : Thu Jun 03 2010 - 12:00:04 MDT