Re: [squid-users] Confused on NTLM Passthrough

From: Matt Weisberg <matt_at_weisberg.net>
Date: Fri, 16 Oct 2009 20:47:10 -0400

Thanks Jeff.

I guess I'll give 2.7 a shot as 3.1 is still beta, correct?

Out of curiosity, what happened with 3.0 such that this does not work
in that version?

Matt

On Oct 16, 2009, at 3:21 PM, Jeff Foster wrote:

>
> I know the 2.7 and 3.1 code support the pass-through
> authentication. Beyond that I'm not sure.
>
> You will need the login=pass in the cache_peer line and should also
> set the persistent_connection_after_error parameter to 'on'. I have
> used this configuration with a microsoft ISA proxy.
>
> Jeff F>
>
>
> -----Original Message-----
> From: Matt Weisberg [mailto:matt_at_weisberg.net]
> Sent: Friday, October 16, 2009 1:54 PM
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] Confused on NTLM Passthrough
>
>
> I have a situation where I'd like to use squid as a proxy cache in
> front of another proxy (Scan Safe) that uses NTLM authentication.
> I've been trying to determine if squid can properly pass through the
> NTLM authentication. Unfortunately, I'm quite confused as to if this
> is possible or not. There seems to be ton of conflicting information
> on this. Basically, I want this:
>
> User (authenticated to AD Domain) --> Squid --> Scan Safe (requiring
> NTLM auth)
>
> From what I can gather, I think this should work if I setup the cache
> peer with login=pass, but I'm not sure. Basic auth is NOT allowed,
> NTLM is required. It also seems that only certain versions of squid
> properly support NTLM pass through. Is that correct? If so, which
> versions?
>
> Thanks.
>
> Matt
>
>
>
>
> ***
> The information in this e-mail is confidential and intended solely
> for the individual or entity to whom it is addressed. If you have
> received this e-mail in error please notify the sender by return e-
> mail delete this e-mail and refrain from any disclosure or action
> based on the information.
> ***
Received on Sat Oct 17 2009 - 00:47:15 MDT

This archive was generated by hypermail 2.2.0 : Sat Oct 17 2009 - 12:00:03 MDT