RE: [squid-users] NTLM and transparent/interception confusion from Johnson, S on 2009-01-02 (squid-users)

From: Johnson, S <sjohnson_at_edina.k12.mn.us>
Date: Fri, 2 Jan 2009 09:50:57 -0600

That's too bad... I've set up numerous Bluecoat proxies and they do
have this capability. But of course, you're paying about $50k usd /
box.

-----Original Message-----
From: Guido Serassio [mailto:guido.serassio_at_acmeconsulting.it]
Sent: Thursday, January 01, 2009 4:00 AM
To: Johnson, S; squid-users_at_squid-cache.org
Subject: Re: [squid-users] NTLM and transparent/interception confusion

Hi,

At 20.06 31/12/2008, Johnson, S wrote:
>I've been doing a lot of reading on this... I've got the proxy working
>in either of these two modes:
>1) As a browser configuration proxy
>2) with http_port 3128 transparent, in redirected mode
>
>I've got NTLM authentication working just fine with #1 above. However,
>with #2 I never get a password prompt. I don't really care about
>transparency; I just want to authenticate users that are outbound
>without having to configure their browser.
>
>I asked this question a couple of months back and there are people
>stating that they are doing the authentication with transparent mode.
>Some of the references I've found in my searches also seem to
>corroborate the possibility of this working (but it's not working for
>me). However, in the documentation it seems that this should not be
>possible. Am I barking up the wrong tree or is this truly possible?

You cannot.

Youa are mixing two very different and incompatible things:

- Transparent/intercepting proxy
- NTLM transparent (silent) authentication, also known as Windows
integrated authentication
http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-e56904dd4dfe
0e21e5c2903473c473d401533ac7

Regards and happy New Year

Guido

-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio_at_acmeconsulting.it
WWW: http://www.acmeconsulting.it/

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Received on Fri Jan 02 2009 - 15:51:05 MST

This archive was generated by hypermail 2.2.0 : Wed Jan 07 2009 - 12:00:02 MST