Hi Adrian, I made these modifications in my squid.conf and restarted squid and samba: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param ntlm use_ntlm_negotiate off auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off But no login prompt appears ;-( /Jimmy -----Original Message----- From: Adrian Chadd [mailto:adrian@xxxxxxxxxxxxxxx] Sent: den 7 september 2006 03:15 To: Guido Serassio Cc: Jimmy Jonsson; squid-users@xxxxxxxxxxxxxxx Subject: Re: ntlm_auth with password prompt On Wed, Sep 06, 2006, Guido Serassio wrote: > Hi Jimmy, > > At 20.47 06/09/2006, Jimmy Jonsson wrote: > >I have a little odd question. One of my customers who uses Squid > >wants the user to be prompted for a password and then let ntlm_auth > >authenticate the against Active Directory. Is there a way to tell > >ntlm_auth to always prompt the user for password ? > > I think no. > > NTLM authentication is some time called "transparent authentication" .... > :-) > > Internet Explorer prompts the user for authentication only when the > "transparent authentication" fails. You could just configure basic authentication using the Samba ntlm_auth helper. It'll then still authenticate against active directory, but it wouldn't use NTLM between the browser and squid to do it. (Some of the caches at work have this setup but I don't think anyone's using it yet. I'll try it out today.) Adrian
