I know the 2.7 and 3.1 code support the pass-through authentication. Beyond that I'm not sure. You will need the login=pass in the cache_peer line and should also set the persistent_connection_after_error parameter to 'on'. I have used this configuration with a microsoft ISA proxy. Jeff F> -----Original Message----- From: Matt Weisberg [mailto:matt@xxxxxxxxxxxx] Sent: Friday, October 16, 2009 1:54 PM To: squid-users@xxxxxxxxxxxxxxx Subject: Confused on NTLM Passthrough I have a situation where I'd like to use squid as a proxy cache in front of another proxy (Scan Safe) that uses NTLM authentication. I've been trying to determine if squid can properly pass through the NTLM authentication. Unfortunately, I'm quite confused as to if this is possible or not. There seems to be ton of conflicting information on this. Basically, I want this: User (authenticated to AD Domain) --> Squid --> Scan Safe (requiring NTLM auth) From what I can gather, I think this should work if I setup the cache peer with login=pass, but I'm not sure. Basic auth is NOT allowed, NTLM is required. It also seems that only certain versions of squid properly support NTLM pass through. Is that correct? If so, which versions? Thanks. Matt *** The information in this e-mail is confidential and intended solely for the individual or entity to whom it is addressed. If you have received this e-mail in error please notify the sender by return e-mail delete this e-mail and refrain from any disclosure or action based on the information. ***
