Search squid archive

Re: NTLM Authentication and Non-NTLM Friendly Applications

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2/21/07, Adrian Chadd <adrian@xxxxxxxxxxxxxxx> wrote:
On Tue, Feb 20, 2007, Chris Nighswonger wrote:
> Hi All,
>  I am sure that this must be a common issue with proxys and NTLM.
> (yuk..) My users run a variety of apps which desire to access the
> internet. Many of them do not play well with NTLM auth. I have been in
> the practice of simply using squid ACLs to permit access to these apps
> without authentication based on their destination domain. I am
> wondering what ways others have used to address this issue and would
> like to hear them. Or perhaps this is the best way.

Which version of Squid are you using? Squid-2.6 improves on this quite
a lot.

2.6.STABLE9

Some of these apps have in their proxy settings the option to enter
username/password. However, it looks as if they are passing these
credentials off *basic* auth style.

Below are my auth_param settings for both ntlm and basic. It seems
that I have seen somewhere in this list a post which showed using the
squid 'ntlmssp' helper as the 'basic program' setting. Perhaps this is
what I need to do so that when the app passes basic auth credentials
they are checked against the DC?

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 17
auth_param ntlm keep_alive on

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 2
auth_param basic realm Campus Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

This issue is especially acute with anti-virus client updates.

Thanks for the assistance.

Chris

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux