Mark Elsen wrote:
My situation is simple:
A web site is using NTLM authentication ans ask the user for credentials
(without squid).
Our squid goes out trhough a NAT connection, then when the user tries
with squid configured, and IIS error shows up in the browser saying:
You are not authorized to view this page
You do not have permission to view this directory or page using the
credentials that you supplied because your Web browser is sending a
WWW-Authenticate header field that the Web server is not configured to
....
http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.14
Some extracts from this FAQ section :
+We cannot proxy connections to a origin server that use NTLM
authentication, but we can act as a web accelerator or proxy server
and authenticate the client connection using NTLM.
...
+The protocol has several shortcomings, where the most apparent one is
that it cannot be proxied.
....
M.
:( so basically there's no working solution for proxying this kind of site.
The only workaround we have is to configure the clients to not proxy
this site and them configure my nat/firewall to let this GET go through,
but this solution avoids completely squid controls and push our team to
configure more than 400 stations.
Anyone has a better solution ?
Guillermo
