
Squid /NTLM, almost bald..


OK.  What I have here is a failure to communicate.   I've got a Debian
server running Samba-3.0.2, winbind, and squid-2.5.9-10.  All of these
came to me as debian packages.  I've got ntlm authentication set up in
squid.conf:

#Recommended minimum configuration:
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 5
auth_param ntlm max_challenge_lifetime 2 hours
auth_param ntlm use_ntlm_negotiate on
#auth_param basic program /usr/lib/squid/smb_auth -W (My Domain)
#auth_param basic children 5
#auth_param basic realm  (identifier)
#auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off
-----

The ntlm_auth program came with winbind.  Here's my acl section:


acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localhosts proxy_auth REQUIRED src 192.168.0.0/255.255.248.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563      # https, snews
acl SSL_ports port 873          # rsync
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow all localhosts


Now my problem is that when a user logs into our domain and loads up
IE, it still brings up a password dialog box even though I've read
everywhere that IE isn't supposed to do this with NTLM authentication.
If I enter a correct username/password combination, I can browse just
fine.

Is there something I'm missing in order to get transparent proxying to
work?


Thanks in advance..
walker
