RE: [squid-users] NTLM Authentication

From: Chris Perreault <Chris.Perreault@dont-contact.us>
Date: Fri, 13 Aug 2004 14:04:19 -0400

1) The webserver is asking for a username/password combo that it will
attempt to match out of the domain's user database. Proxy or otherwise, I'd
think that data would still be asked for, but realistically, for me I'll
answer "don't know".

2) domainname\username

3) if this content *is* available by not going through the proxy, then you
could have one of the webserver's pages have links like this:

<a href=actual_server_ip/1st quarter reports-last year>1st qrt</a>
<a href=proxy.com/1st quarter reports-this year>1st qrt</a>
<a href=proxy.com/2nd quarter reports-this year>2nd qrt</a>

Chris

-----Original Message-----
From: Merton Campbell Crockett [mailto:mcc@CATO.GD-AIS.COM]
Sent: Friday, August 13, 2004 10:05 AM
To: Squid Users List
Subject: [squid-users] NTLM Authentication

Background:

   (1) Users at one office access an internal web server through a Squid
        proxy server.
   (2) The internal web server is "publicly" accessible except for a set
        of directories containing financial data.
   (3) For an older set of financial reports, there were instructions on
        how to present your authentication credentials indicating the web
        server was configured to use basic authentication, i.e. the user
        ID was given as WINSdomain\username.
   (4) A new set of reports was recently added to the web server but
        cannot be accessed through the Squid proxy.
   (5) The login screen presented to the user looks like the standard
        screen used for basic authentication.

Questions:

   (1) When a web server uses NTLM authentication, will a login screen
        be presented when the web site is accessed via a Squid proxy?
        (My recollection from years ago was that the login screen was
        only displayed when basic authentication was enabled?)
   (2) The web server was recently switched from a WindowsNT to an
        Active Directory domain. What is the syntax for a user login
        ID when basic authentication is used?
   (3) Is there a convenient way of specifying to the user that they
        should bypass the proxy for a subset of the web content?

Merton Campbell Crockett 

-- 
BEGIN:				vcard
VERSION:			3.0
FN:				Merton Campbell Crockett
ORG:				General Dynamics Advanced Information
Systems;
				Intelligence and Exploitation Systems
N:				Crockett;Merton;Campbell
EMAIL;TYPE=internet:		mcc@CATO.GD-AIS.COM
TEL;TYPE=work,voice,msg,pref:	+1(805)497-5045
TEL;TYPE=work,fax:		+1(805)497-5050
TEL;TYPE=cell,voice,msg:	+1(805)377-6762
END:				vcard
Received on Fri Aug 13 2004 - 12:06:13 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:02 MDT