Search squid archive

Re: NTLM Passthru to ISA2006

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Amos,

Many thanks for your reply. I have tried changing the config to connection-auth=on but i still get the username/password prompt and even if i enter correct creditials after three attempts the ISA proxy returns an access denied page.

Is there anything else i could be missing?

Many thanks,

Dean

----- Original Message -----
From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
To: "Dean A. Welbourn" <welbournd@xxxxxxxxxxxxx>
Cc: "squid-users" <squid-users@xxxxxxxxxxxxxxx>
Sent: 14 January 2009 22:49:06 o'clock (GMT) Europe/London
Subject: Re:  NTLM Passthru to ISA2006

> Hi,
>
> Sorry forgot to say that bit! Im running Squid 2.7 STABLE 5 on Windows
> Server 2003 (this is my boss's prefered OS).
>
> Thanks,
>
> Dean
>
> ----- Original Message -----
> From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
> To: "Dean A. Welbourn" <welbournd@xxxxxxxxxxxxx>
> Cc: squid-users@xxxxxxxxxxxxxxx
> Sent: 14 January 2009 20:21:08 o'clock (GMT) Europe/London
> Subject: Re:  NTLM Passthru to ISA2006
>
>> Hi,
>>
>> Sorry for the delay ive been out of the office for a few days.
>>
>> Currently i have the following (i dont have any auth_ settings enabled):
>>
>> # Define source all
>> acl all src all
>>
>> # Define Safe Ports
>> acl SSL_ports port 443
>> acl Safe_ports port 80                # http
>> acl Safe_ports port 21                # ftp
>> acl Safe_ports port 443                # https
>> acl Safe_ports port 70                # gopher
>> acl Safe_ports port 210                # wais
>> acl Safe_ports port 1025-65535        # unregistered ports
>> acl Safe_ports port 280                # http-mgmt
>> acl Safe_ports port 488                # gss-http
>> acl Safe_ports port 591                # filemaker
>> acl Safe_ports port 777                # multiling http
>> acl CONNECT method CONNECT
>>
>> # Deny requests to unknown ports
>> http_access deny !Safe_ports
>>
>> # Deny CONNECT to other than SSL ports
>> http_access deny CONNECT !SSL_ports
>>
>> # Allow access to ALL
>> http_access allow all
>>
>> # Define port to listen on
>> http_port 8080
>>
>> # Define cache peer
>> cache_peer        holly.selby.college        parent        8080        7
>>      proxy-only no-query no-digest login=PASS default
>>
>> Many thanks,
>>
>> Dean
>>
>> ----- Original Message -----
>> From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
>> To: "Dean A. Welbourn" <welbournd@xxxxxxxxxxxxx>
>> Cc: "squid-users" <squid-users@xxxxxxxxxxxxxxx>
>> Sent: 11 January 2009 21:46:03 o'clock (GMT) Europe/London
>> Subject: Re:  NTLM Passthru to ISA2006
>>
>>> Hi,
>>>
>>> Im trying to implement a Squid proxy with a parent of ISA2006 using
>>> integrated NTLM passthru. Should this be possible? I either get three
>>> username/password prompts before i get an authorization required error
>>> message from the ISA server or just a page can not be displayed error?
>>>
>>> Any help would be greatly appreciated, this is for a college project.
>>>
>>> Many thanks,
>>>
>>> Dean Welbourn
>>>
>>
>> What configuration do you have at present? particularly the auth_*,
>> cache_peer, acl, and http_access lines in the order they appear.
>>
>> Amos
>>
>
> Ah right. Squid version?
> This is only expected to work in Squid-2.6, 2.7, or 3.1.
>

I have an experiment going with another user at present. The results so
far lead me to believe that cache_peer with NTLM pass-thru can have either
  login=PASS - to pass login to backend in Basic format.
  or
  connection-auth=on - to pass NTLM messages through.
but not both at the same time.
Combining appears to cause multiple-login boxes from the backend which may
not succeed even with correct credentials.

This is not fully confirmed yet, so take it with a very large portion of
doubt. But it may be worthwhile trying the other config.

Amos

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux