Re: [squid-users] Certain applications when using NTLM auth

From: Robert Collins <robertc_at_squid-cache.org>
Date: Thu, 05 Feb 2009 08:59:50 +1100

On Mon, 2009-02-02 at 13:48 -0200, Henrique Machado wrote:
> Morning,
>
> For quite some time Iīve wondered about something.
> Certain applications worked perfectly with Squid in the past.
> But, since weīve integrated it with Active Directory (NTLM auth) some
> applications just donīt work anymore, even if they do have
> "authenticated proxy support".
> What Iīve noticed about NTLM authentication with Squid is:
>
> 1) Application sends HTTP request (Firefox or IE, for instance)
> 2) Squid receives the request and then returns HTTP code 407 to the
> client (Proxy Authentication Required)
> 3) The application receives the 407 code and asks the user for
> authentication input (the browsers use the current logged user
> credentials if inside an Active Directory domain)
> 4) The application sends the authentication info
> 5) Squid receives it, checks it and then does its work
>
> But, some applications, APT being a very simple example (and one of my
> headaches) canīt ask for an input. And even configuring it to send
> userīs credentials doesnīt seen to work (Squid keeps replying with
> 407).

Apt does not support NTLM; you need to configure 'basic' authentication
as well as NTLM in squid.

Cheers,
Rob

Received on Wed Feb 04 2009 - 22:00:01 MST

This archive was generated by hypermail 2.2.0 : Thu Feb 05 2009 - 12:00:01 MST