Hello, I have currently got squid setup so it authenticates (against ntlm) users and uses squidGuard to do the blocking. At the moment if a machine is not part of the domain I get a popup box asking for authentication. Is it possible to try this authentication and if it fails then don't popup a login box but either try another type of authentication or continue. I have tried allowing everything as well as having the authentication lines but then squid just doesn't seem to pass the username on. What I would like ideally is have squid try the authentication and if it succeeds then supply the login of the user to the url_rewrite_program. If it fails then continue as normal without a login. In this case squidGuard will redirect everything to a login page which will add values to a database. When they submit the login information another request will be made and this time squid will check the database and allow the user through depending on the IP address of the remote machine. So squid will try NTLM again, fail this, check the database, as the user authenticated before see their IP in the database, get the login from the database and use this as the authenticated user login from there on. The user can then continue to browse as normal. Basically like web based authentication with NTLM (AD SSO) support. Is this possible? I realise that it might be the browser that is asking for authentication if it cant supply the authentication information to squid. If this is the case if there a helper application that attempts to connect to the IP of the requesting machine to verify authentication? Like novell and bordermanager does? Thanks for your time, Matt.
Attachment:
signature.asc
Description: OpenPGP digital signature
