Search squid archive

Re: Squid configuration for NTLM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2 Jun 2010 20:56:42 -0700 (PDT), "Prashant K.S"
<ksprashant@xxxxxxxxx> wrote:
> Hi Amos,
> 
> One more question.
> 
> My primary purpose is to test a NTLM client that I have developed
against
> Linux Squid proxy.
> 
> If I cannot configure squid proxy, is there any openly available squid
> proxy that uses NTLM and for which I can register myself and get a user
> name and password which I can use for authentication and test my NTLM
> client.
> 
> Regards,
> Prashant


Oh, that is a different prospect.

If you are just testing that the protocol coding etc is valid you can use
the fakeauth NTLM helper:
 
http://wiki.squid-cache.org/ConfigExamples/Authenticate/LoggingOnly#NTLM_Authentication

It does NTLM challenges with random tokens and validates the client reply
blobs are self-consistent, but does not use any domain to check the coded
password/username actually match valid ones.
 If the authentication blobs or connection handling are broken they will
show up with this handler.

If you need deeper checks the that username/token were being transferred
from the client to DC, then you will need a full real domain linkage setup.

Amos

> 
> ----- Original Message ----
> From: Prashant K.S <ksprashant@xxxxxxxxx>
> To: Amos Jeffries <squid3@xxxxxxxxxxxxx>; squid-users@xxxxxxxxxxxxxxx
> Sent: Thu, 3 June, 2010 9:11:09 AM
> Subject: Re:  Squid configuration for NTLM
> 
> Hi Amos,
> 
> The domain I am talking about is my office network domain and my
computer
> cannot be a part of that domain. Is it possible to host myself a domain
or
> be a part of some domain that is available in open(Not sure how risky is
> it).
> 
> Regards,
> Prashant
> 
> 
> 
> 
> ----- Original Message ----
> From: Amos Jeffries <squid3@xxxxxxxxxxxxx>
> To: squid-users@xxxxxxxxxxxxxxx
> Sent: Thu, 3 June, 2010 9:05:48 AM
> Subject: Re:  Squid configuration for NTLM
> 
> On Wed, 2 Jun 2010 20:30:51 -0700 (PDT), "Prashant K.S"
> <ksprashant@xxxxxxxxx> wrote:
>> Hi Amos,
>> 
>> Thanks for your reply.
>> 
>> I want to correct my words. I do have access to some NT domain. But
just
>> that I have the user and password to authenticate against that domain.
> But
>> my computer is not part of that domain. Will I able to achieve NTLM
>> authentication with Squid using this setup. And If yes can you please
> let
>> me know the configuration.
> 
> Okay good.
> 
> You won't be able to do it without making the proxy a machine account on
> the domain. Apparently the winbindd manual page has details on how the
> Linux machine needs to be configured into the domain.
> 
> Details on the Squid and Samba setup can be found here:
> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm
> 
> Amos


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux