> -----Original Message----- > From: Henrique Machado [mailto:henrique.cicuto@xxxxxxxxx] > Sent: Monday, 02 February, 2009 06:49 > To: squid-users@xxxxxxxxxxxxxxx > Subject: Certain applications when using NTLM auth > But, some applications, APT being a very simple example (and one of my > headaches) can´t ask for an input. And even configuring it to send > user´s credentials doesn´t seen to work (Squid keeps replying with > 407). You will always get 407 replies with NTLM authentication. It is just how the protocol is designed. > I presume that the behavior "wait until I ask for auth credentials" is > necessary for the complete functionality, so Squid just ignores the > info that´s initially sent. Apt as in the Debian apt tool? I have a variety of Debian boxes (used to be Sarge, now Etch and Lenny) that authenticate to squid via NTLM, and this "just works" for me: Set up an /etc/apt/apt.conf file like this: Acquire::http::Proxy "http://username:password@xxxxxxxxxxx:3128/";; Where username and password are for a service account you create in active directory. You can use a human's account, but the password will be in plaintext with the apt.conf file, so I don't suggest it. Easier to create a service account and then just tightly lock it down in AD. (All you need is that the squid proxy can authenticate to it.) And of course 10.11.12.13:3128 is whatever IP address/port your Squid lives on. If you've already done this and it doesn't work, maybe there's a typo. I've used apt with NTLM for years and it has been rock solid. And of course if it is another apt you're talking about, none of this applies. :) James
