RE: [squid-users] https, ntlm and cache_peer

From: <lderuaz@dont-contact.us>
Date: Mon, 9 Aug 2004 17:06:59 +0200

Hello again.

My need is quite different :

Client ==(1)==> internal_squid (NTLM) ==(2)==> external_squid ====> internet

The authentication is performed on the first squid server ; then this server
"forwards" the requests to the second one.
Its works fine for http traffic, but not https.

I've configured my 'internal proxy' to force SSL requests through its parent
(external_proxy), as described in the FAQ §19.2 : that is ok if no ntlm
authentication is required, but this traffic is stopped (denied error message
in access.log) if nltm authentication is required.

Anyone has met this problem ?

But still not woserver,

> On Mon, 9 Aug 2004, Van Hoorenbeeck, Peter (RST/Hammerstone EMEA) wrote:
>
> > Hey both,
> >
> > Please do update me, as I need to get this working too.
> >
> >
> > Client ===> Squid ===> NTLM proxy
> >
> > The squid should authenticate to the NTLM proxy, the client should not
> > see anything. I was hoping to get this working using login parameter to
> > the cache_peer directive.
>
> Squid can not log in to proxies using NTLM authentication, and you can not
> proxy NTLM authentication from one proxy to another.
>
> You need to have your parent configured to allow the child proxy access
> without requiring login. You may also have some success using the NTLM
> Authorization Proxy Server (see Related Software) to allow your Squid to
> login to a parent requiring NTLM authentication using the
> login=username:password option in squid.conf.
>
> Regards
> Henrik
>

--
Received on Mon Aug 09 2004 - 09:07:00 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:02 MDT