[squid-users] Transparent Squid with NTLM auth works, questions.

From: Nick Duda <nduda@dont-contact.us>
Date: Tue, 6 May 2008 14:10:41 -0400

I've successfully built and deployed a Transparent squid solution, failover using WCCP, with the ability to perform NTLM authentication for the employees transparently (not using PROXYAUTH, using SmartFilters Authentication processes). We can now have an office that can lose one or both transparent proxy servers and still browse to the internet as "if all else fails" using WCCP, maintaining NTLM authentication for ACLs and logging and performing content filtering.

A couple of questions: has anyone else done a setup like this? I'm curious to deploy this (slated for next week, to an office of 500). We have fully tested the solution, but we are moving away from using the normal squid NTLM helpers (no more winbind/samba needed) and are curious as to what others have seen using smartfilters ntlm processes under heavy load. One of our offices using winbind, squid ntlm helper shows about 30-40 NTLM requests (which I noticed is per web request...lots of domain controller talking).

Also, using WCCP, is it possible to have squid (with basic routing on the Linux box) send the return reply from the internet out another interface?

Client ----- Switch ----- Router w/WCCP ----- ASA ----- Internet
                                        |
                   |------------squid

(I hope that ASCII drawing above comes out ok lol). Client makes a request to google.com. The request hits the router, which is set up with WCCP and sends it to the squid proxy, which hangs off its own VLAN from the router. The request goes through the proxy, then back up to the router and out to the internet. The reply from the internet (google.com) comes back to the router, down to the proxy... I'd like that to now go back to the client on the interface on the proxy that is connected to the switch. Is the client going to want to see the reply coming back through the router to them?

- Nick
Received on Tue May 06 2008 - 18:10:52 MDT
