Just an update on this message I've got it running ... kinda I've got firebox beta installed on my machine and when I run it threw my squid proxy server with ntlm, it shows up with domain\username in my log files, but when I run IE with the same settings it shows up with a '-' in my log files? When I log onto a machine not attached to the domain and try an access my proxy server it doesn't ask for authentication. In my DansGuardian configuration file I have Usernameidmethodproxyauth = on And my squid ALC 's acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl ntlm_auth proxy_auth REQUIRED acl localnet src 192.168.0.0/255.255.254.0 my squid http_access rules http_access allow localhost http_access allow ntlm_auth NTLM authentication rules auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minute auth_param ntlm use_ntlm_negotiate on auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hour auth_param basic casesensitive off -----Original Message----- From: Paul Matthews [mailto:paul.matthews@xxxxxxxxxxxxxxxxxxxx] Sent: Friday, 14 October 2005 10:21 To: squid-users@xxxxxxxxxxxxxxx Subject: Dansguardian Squid NTLM Hi there I've got my RHEL 4 box to authenticate using NTLM. Now I want to run DansGuardian, I have edited in the '/etc/dansguardian/dansguardian.conf' file to say usernameidmethodproxyauth = on I have DansGuardian running on 8080 and squid on 3128. when I run IE via 3128 all is good, but when I run it via 8080 I get ' The page cannot be displayed' - ' Cannot find server or DNS Error Internet Explorer'?? Does anyone have a good setup, or how to guide or running these two programs together using NTLM? Do I need to change some ACL's to run squid/ntlm with squid? When I place the 'http_access allow localhost' before the 'http_access allow ntlm_auth' then DansGuardian works, but in the DansGuardian log file is does not log the domain\username.
