Hi Amos,

Many thanks for your reply. I have tried changing the config to connection-auth=on but I still get the username/password prompt and even if I enter correct credentials after three attempts the ISA proxy returns an access denied page.

Is there anything else I could be missing?

Many thanks,

Dean

----- Original Message -----
From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
To: "Dean A. Welbourn" <welbournd@xxxxxxxxxxxxx>
Cc: "squid-users" <squid-users@xxxxxxxxxxxxxxx>
Sent: 14 January 2009 22:49:06 o'clock (GMT) Europe/London
Subject: Re: NTLM Passthru to ISA2006

> Hi,
>
> Sorry forgot to say that bit! I'm running Squid 2.7 STABLE 5 on Windows
> Server 2003 (this is my boss's preferred OS).
>
> Thanks,
>
> Dean
>
> ----- Original Message -----
> From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
> To: "Dean A. Welbourn" <welbournd@xxxxxxxxxxxxx>
> Cc: squid-users@xxxxxxxxxxxxxxx
> Sent: 14 January 2009 20:21:08 o'clock (GMT) Europe/London
> Subject: Re: NTLM Passthru to ISA2006
>
>> Hi,
>>
>> Sorry for the delay I've been out of the office for a few days.
>>
>> Currently I have the following (I don't have any auth_ settings enabled):
>>
>> # Define source all
>> acl all src all
>>
>> # Define Safe Ports
>> acl SSL_ports port 443
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 # https
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl CONNECT method CONNECT
>>
>> # Deny requests to unknown ports
>> http_access deny !Safe_ports
>>
>> # Deny CONNECT to other than SSL ports
>> http_access deny CONNECT !SSL_ports
>>
>> # Allow access to ALL
>> http_access allow all
>>
>> # Define port to listen on
>> http_port 8080
>>
>> # Define cache peer
>> cache_peer holly.selby.college parent 8080 7
>> proxy-only no-query no-digest login=PASS default
>>
>> Many thanks,
>>
>> Dean
>>
>> ----- Original Message -----
>> From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
>> To: "Dean A. Welbourn" <welbournd@xxxxxxxxxxxxx>
>> Cc: "squid-users" <squid-users@xxxxxxxxxxxxxxx>
>> Sent: 11 January 2009 21:46:03 o'clock (GMT) Europe/London
>> Subject: Re: NTLM Passthru to ISA2006
>>
>>> Hi,
>>>
>>> I'm trying to implement a Squid proxy with a parent of ISA2006 using
>>> integrated NTLM passthru. Should this be possible? I either get three
>>> username/password prompts before I get an authorization required error
>>> message from the ISA server or just a page can not be displayed error?
>>>
>>> Any help would be greatly appreciated, this is for a college project.
>>>
>>> Many thanks,
>>>
>>> Dean Welbourn
>>>
>>
>> What configuration do you have at present? Particularly the auth_*,
>> cache_peer, acl, and http_access lines in the order they appear.
>>
>> Amos
>>
>
> Ah right. Squid version?
> This is only expected to work in Squid-2.6, 2.7, or 3.1.
>

I have an experiment going with another user at present. The results so far lead me to believe that cache_peer with NTLM pass-thru can have either
  login=PASS - to pass login to backend in Basic format.
or
  connection-auth=on - to pass NTLM messages through.
but not both at the same time.

Combining appears to cause multiple-login boxes from the backend which may not succeed even with correct credentials.

This is not fully confirmed yet, so take it with a very large portion of doubt. But it may be worthwhile trying the other config.

Amos
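
Added example, not part of the thread and not Squid project code: a small Python check that reads squid.conf text and reports, for each cache_peer line, which of the two options named in the reply above is set, listing peers that carry both. The sample configuration and the parent-*.example host names are constructed, and whether the combination causes the repeated prompts is, as the reply says, unconfirmed.

```python
# Added example: audit cache_peer lines for the two pass-through options
# discussed in the thread. Sample config and host names are constructed.

SAMPLE_CONF = """\
# Define cache peers (constructed sample, one option set per peer)
cache_peer parent-a.example parent 8080 7 proxy-only no-query no-digest login=PASS default
cache_peer parent-b.example parent 8080 7 proxy-only no-query connection-auth=on default
cache_peer parent-c.example parent 8080 7 no-query login=PASS connection-auth=on  # both
cache_peer parent-d.example parent 8080 7 no-query no-digest
"""


def peer_auth_modes(conf_text):
    """Map each cache_peer host to the pass-through mode its options select."""
    modes = {}
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        # cache_peer <host> <type> <http-port> <icp-port> [options...]
        if len(fields) < 5 or fields[0] != "cache_peer":
            continue
        opts = {}
        for opt in fields[5:]:
            key, _, value = opt.partition("=")
            opts[key] = value
        basic = opts.get("login") == "PASS"
        ntlm = opts.get("connection-auth") == "on"
        if basic and ntlm:
            modes[fields[1]] = "both"
        elif basic:
            modes[fields[1]] = "login=PASS"
        elif ntlm:
            modes[fields[1]] = "connection-auth=on"
        else:
            modes[fields[1]] = "none"
    return modes


def conflicting_peers(conf_text):
    """Peers that combine both options, the case the reply suspects."""
    return [h for h, m in peer_auth_modes(conf_text).items() if m == "both"]


if __name__ == "__main__":
    for host, mode in peer_auth_modes(SAMPLE_CONF).items():
        print(f"{host}: {mode}")
    print("combined on:", conflicting_peers(SAMPLE_CONF))
```

The parser expects each cache_peer directive on a single line, so a directive wrapped by a mail client has to be rejoined before it is checked.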