Re: [squid-users] NTLM and transparent/interception confusion from Kinkie on 2009-01-02 (squid-users)

From: Kinkie <gkinkie_at_gmail.com>
Date: Fri, 2 Jan 2009 18:45:55 +0100

Could you try to get a network trace of a successfully authenticated
http transaction?
I would love to see how they do it...
Thanks!

On 1/2/09, Johnson, S <sjohnson_at_edina.k12.mn.us> wrote:
> That's too bad... I've set up numerous Bluecoat proxies and they do
> have this capability. But of course, you're paying about $50k usd /
> box.
>
> -----Original Message-----
> From: Guido Serassio [mailto:guido.serassio_at_acmeconsulting.it]
> Sent: Thursday, January 01, 2009 4:00 AM
> To: Johnson, S; squid-users_at_squid-cache.org
> Subject: Re: [squid-users] NTLM and transparent/interception confusion
>
> Hi,
>
> At 20.06 31/12/2008, Johnson, S wrote:
>>I've been doing a lot of reading on this... I've got the proxy working
>>in either of these two modes:
>>1) As a browser configuration proxy
>>2) with http_port 3128 transparent, in redirected mode
>>
>>I've got NTLM authentication working just fine with #1 above. However,
>>with #2 I never get a password prompt. I don't really care about
>>transparency; I just want to authenticate users that are outbound
>>without having to configure their browser.
>>
>>I asked this question a couple of months back and there are people
>>stating that they are doing the authentication with transparent mode.
>>Some of the references I've found in my searches also seem to
>>corroborate the possibility of this working (but it's not working for
>>me). However, in the documentation it seems that this should not be
>>possible. Am I barking up the wrong tree or is this truly possible?
>
> You cannot.
>
> Youa are mixing two very different and incompatible things:
>
> - Transparent/intercepting proxy
> - NTLM transparent (silent) authentication, also known as Windows
> integrated authentication
> http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-e56904dd4dfe
> 0e21e5c2903473c473d401533ac7
>
> Regards and happy New Year
>
> Guido
>
>
>
> -
> ========================================================
> Guido Serassio
> Acme Consulting S.r.l. - Microsoft Certified Partner
> Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
> Tel. : +39.011.9530135 Fax. : +39.011.9781115
> Email: guido.serassio_at_acmeconsulting.it
> WWW: http://www.acmeconsulting.it/
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>

-- 
    /kinkie

Received on Fri Jan 02 2009 - 17:45:58 MST

This archive was generated by hypermail 2.2.0 : Sat Jan 03 2009 - 12:00:01 MST