Re: [squid-users] NTLM only for logging & delay pools?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 19 Dec 2003 14:55:54 +0100 (CET)

On Fri, 19 Dec 2003, Niksa Franceschi wrote:

> Here's what I need to do:
> Use NTLM only for logging in access.log & to use for delay pools (all fit in one
> pool, while few users in different pool).

I don't think ntlm works properly in delay_access at the moment..

> All users should be allowed to use proxy, without being prompted for login/passwd information.

This is only partially possible. Any users not logged in (i.e. Win 9X
stations etc) will be requested for login/passwd information.

> Problem is if I use NTLM for authentication, browsers which don't understand
> NTLM get either box to enter login/passwd (if using basic auth afterwards),
> or cache access denied if using only NTLM auth (even though I put in squid.conf
> http_access allow all afterwards).

Yes.

> If I dont use NTLM as authentication, I don't get usernames from NT domain.

Yes.

> So is it possible & how to use NTLM only for loggin of usernames which use NTLM
> aware browsers, while other are logged only by IP (and *all* need to be able to use
> proxy, without being prompted for password)?

You could try using the browser acl to determine when to request
authentication.

Regards
Henrik
Received on Fri Dec 19 2003 - 06:55:57 MST

This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:17 MST