Dear James, Thanks for the attention. Yes, I´m talking about Debian APT Tool =]. And I´ve already configured apt.conf so to use the proxy, adding username and password in it, but even so it´s not working, and my proxy keeps returning HTTP 407. Tried creating a user "me" with password "123456" inside my AD domain, and it´s not working as well. Maybe something in my Squid auth configuration, but I´m not sure. 2009/2/2 James Zuelow <James_Zuelow@xxxxxxxxxxxxxxx>: > >> -----Original Message----- >> From: Henrique Machado [mailto:henrique.cicuto@xxxxxxxxx] >> Sent: Monday, 02 February, 2009 06:49 >> To: squid-users@xxxxxxxxxxxxxxx >> Subject: Certain applications when using NTLM auth > >> But, some applications, APT being a very simple example (and one of my >> headaches) can´t ask for an input. And even configuring it to send >> user´s credentials doesn´t seen to work (Squid keeps replying with >> 407). > > You will always get 407 replies with NTLM authentication. It is just how the protocol is designed. > >> I presume that the behavior "wait until I ask for auth credentials" is >> necessary for the complete functionality, so Squid just ignores the >> info that´s initially sent. > > Apt as in the Debian apt tool? I have a variety of Debian boxes (used to be Sarge, now Etch and Lenny) that authenticate to squid via NTLM, and this "just works" for me: > > Set up an /etc/apt/apt.conf file like this: > > Acquire::http::Proxy "http://username:password@xxxxxxxxxxx:3128/";; > > Where username and password are for a service account you create in active directory. You can use a human's account, but the password will be in plaintext with the apt.conf file, so I don't suggest it. Easier to create a service account and then just tightly lock it down in AD. (All you need is that the squid proxy can authenticate to it.) > > And of course 10.11.12.13:3128 is whatever IP address/port your Squid lives on. > > If you've already done this and it doesn't work, maybe there's a typo. I've used apt with NTLM for years and it has been rock solid. > > And of course if it is another apt you're talking about, none of this applies. :) > > James >
