Re: [squid-users] Help on squid external proxy configuration

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 03 Jul 2014 16:44:42 +1200

On 2014-07-01 21:23, Roberto PATRICOLO wrote:
> Hi all
>
> I'm new to this environment, so I have a problem related to an
> application in an environment that uses NTLM authentication. This
> kind of authentication is not supported by the sw I'm using, so the
> support told me that the best way to solve the issue is installing a
> squid proxy server in order to use my box as a proxy without
> authentication internally and use the squid proxy as connecting to
> another external proxy using the normal credential.

FYI: there is no "normal" credentials. There is only the authentication
scheme and credentials you choose to use.

The recent releases of Squid can connect to parent proxies with Basic
authentication or Negotiate/Kerberos authentication credentials.

> Hope my explanation is clear.
>
> Practically, my box with a squid proxy server installed must receive
> the http requests from my sw and use this proxy to connect without
> credential to the external proxy with normal... and it, definitely,
> will connect to internet site I'm searching for.
>
> How can I do this? What simple kind of configuration must I use
> in my squid proxy server?

Default proxy configuration to start with.

* Configure a cache_peer entry pointing at the upstream proxy. Use the
login= option to configure the Basic authentication credentials your
Squid proxy is to use to login to the upstream peer.

At this point any client you permit to use the proxy can relay requests
to the upstream proxy (no authentication required by them). You can
choose to leave it like this, to setup an external_acl_type helper that
provides per-client credentials for the upstream proxy, or to setup auth
for the clients.

NTLM authentication with the client sw is covered in
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm. Be aware
that NTLM is starting to have problem reports registered against it. The
reasons vary between an undiscovered bug in Squid (suspected, not
proven) and NTLMv1 / LM support being disabled in many applications
nowadays (they can be decrypted by attackers in realtime faster than the
client can login).

HTH
Amos
Received on Thu Jul 03 2014 - 04:45:00 MDT
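
Added example, not part of the original message: a squid.conf sketch of the setup described above, where Squid logs in to the upstream proxy with Basic credentials and local clients are not asked to authenticate. The peer hostname, port, account name, password and the ACL name local_app are placeholders and assumptions, not values from this thread.

```conf
# Constructed example: lines to merge into the default squid.conf.
# upstream.example.net, 8080 and svc_user:CHANGE_ME are placeholders.

# Listen on loopback only, so the unauthenticated listener is not
# reachable from other hosts. This replaces the default "http_port 3128".
http_port 127.0.0.1:3128

# Upstream (parent) proxy. login= makes Squid send these Basic
# credentials to the parent on every relayed request.
# The 0 disables the ICP port, no-query stops ICP queries to the parent,
# and default marks it as the last-resort route.
cache_peer upstream.example.net parent 8080 0 no-query default login=svc_user:CHANGE_ME

# Force all traffic through the parent. Without this Squid may try to
# fetch directly and bypass the upstream proxy.
never_direct allow all

# Clients do not authenticate, so the source address is the only access
# control. Permit the local application and nothing else.
# The allow line must sit above the final "http_access deny all".
acl local_app src 127.0.0.1/32
http_access allow local_app
http_access deny all
```

The login= value is stored in cleartext, so squid.conf should be readable only by root and the account Squid runs as. Basic credentials are only base64-encoded on the wire, so the link between this box and the upstream proxy should be a trusted network.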
