Re: [squid-users] NTLM Auth and transparently access

From: Leonardo Rodrigues Magalhães <leolistas_at_solutti.com.br>
Date: Tue, 04 Nov 2008 09:11:11 -0200

keisuke.hamanaka_at_uniadex.co.jp escreveu:
> Sorry,my English is so poor.
>
> I 'd like to configure Squid working with NTLM AUTH.
> Can the clinet which has already logged in Windows' domain access to the Internet
> transparently? Or Is the client be asked Usename and Password again?
>
>

    if you by 'transparently' you mean do NOT ask username/password,
then NTLM Authentication is what you need. If user is logged on the
domain, NTLM Authentication mechanism will fetch logged username and use
that on squid ACL/logs without prompting for username/password. If, by
some reason, the machine is not logged on the domain, then the user will
be prompted for username/password.

    if you by 'transparently' mean do NOT have to configure proxy on the
browser, then it's NOT possible. Even with NTLM authentication
configured and working, users will STILL need to configure their
browsers and point it to squid.

    There's NO way of doing transparently interception (capturing
requests without have proxy configured on the browser) and authenticate
these requests by any mechanism, NTLM, digest, etc etc etc. That's
simply not possible to have authentication, by any mechanism, on
transparently intercepted requests.

-- 
	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br
	Minha armadilha de SPAM, NÃO mandem email
	gertrudes_at_solutti.com.br
	My SPAMTRAP, do not email it
Received on Tue Nov 04 2008 - 11:11:31 MST

This archive was generated by hypermail 2.2.0 : Tue Nov 04 2008 - 12:00:04 MST