On sön, 2008-06-29 at 08:48 -0700, nairb rotsak wrote: > I am used to running Squid/Dansguardian/Samba with ntlm auth. But I > have always used it as a stand-alone proxy.. never at the gateway. I > do it this way because I was always told that the usernames will not > show up in logs (ntlm's fault.. not Squid) when Squid is in > transparent mode. True.. > Is this still true? How the heck does the iPrism do it? ;-) They may have hacked Squid to allow NTLM WWW authentication (not proxy authentication) in transparent interception mode. Highly unstandard, and only works for the non-standard connection oriented auth schemes (NTLM/Negotiate/Kerberos). Another possibility is that they use an IP session cache, redirecting the user to "the gateway webserver" for authentication if no already established session, and link this to Squid via external_acl_type providing the username of the session based on the client IP. Have done this myself in another product (also squid based), and requires some additional software to keep track of the sessions. Regards Henrik
Attachment:
signature.asc
Description: This is a digitally signed message part