Cornaggia wrote:
Dear Squid, I have just a question reagarding some practical set up of the Squid-proxy. Knowing that the NTLM authentication and the transparent mode don´t work together, my question is: if with a wpad i set automatically the browsers to use a proxy squid to access a branch of my LAN (a subdomain we call N1) and to use for all the other requests our company proxy, tha NTLM authentication works with SQUID?
Yes.
The question could be a bit strange but I have to solve a problem installing squid that makes authentication before entering in a domain (or a server integrated as domain) of my LAN, where some projects-documents reside.I will use other ACL on top of the NTLM-auth for the different users of my company: the overview is than Squid as a dedicated proxy for the access to this subdomain, use from the workers only if they try to get access to this part of the LAN, otherwise for all the other addresses requested, filter with the company proxy.For this reason i choose to setup the browsers let them find the right way for wich proxy trough wpad. Just i would like to know if than the sequence for the authentication NTLM in Squid will be pass.
Sounds like reverse-proxy would sit in there even better than a transparent proxy.
With that type you basically have the users believing the proxy *is* the subdomain web server. So they always go through the proxy, and are happy to authenticate with it. Real server is hidden behind the proxy as a peer for only it.
http://wiki.squid-cache.org/SquidFaq/ReverseProxy Amos -- Please use Squid 2.7.STABLE1 or 3.0.STABLE6
