[squid-users] NTLM + NTLMSSP (2)

From: Alain Delava (Trasys) <alain.delava@dont-contact.us>
Date: Fri, 19 Apr 2002 12:01:44 +0200

(Sorry for the previous post in HTML - here i use netscape :)

Hi,

I am trying Squid2.5-PRE6 with NTLM authentication using the NTLMSSP
helper. It wokrs quite well but I have a question : is there a way to
define which NT user account can have access to the proxy and which not
?

On my production SQUID2.4 I am using smb_auth and this is possible by
managing the NT read right on the \\netlogon\proxyauth text file.

Is there a similar mechanism with NTLMSSP ?

My other question is : I am ALSO using (on the test squid2.5) basic
authentication after NTLM for users using an old IE version or Netscape.
But with :

auth_param ntlm program /usr/local/squid/libexec/ntlm_auth DOMAIN1/PDC1
DOMAIN2/PDC2
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/local/squid/libexec/msnt_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

acl domainusers proxy_auth REQUIRED
http_access allow domainusers
http_access deny all

even when the NTLM authentication succeeds (IE 6.0), I get the
authentication dialog box (msnt_auth) although the requested web page is
already displayed. Is there a way to use basic/msnt_auth ONLY as a
fall-back method if NTLM/NTLMSSP fails ?

Thanks in advance,

Alain
Received on Fri Apr 19 2002 - 04:02:39 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:36 MST