Hello,
I've been having trouble configuring squid with NTLM to replace an ISA
Server. The configuration is:
* squid version 2.7.STABLE7 (downloaded from
http://squid.acmeconsulting.it/)
* windows 2008 server
* on the client side: Internet Explorer 8
The problem is that IE8 always prompts for the password unless it is
configured with the servers in the Trusted Zone and Automatic Logon with
current user/password (no tests done with other browsers).
Users were able to access sites through the previous proxy server (ISA
Server) which was using "Integrated Authentication" without having to
provide any credentials. Without any change on Internet Explorer
configuration, once squid is in use, users are prompted for credentials.
Are there any requirements for Internet Explorer configuration to work
with squid's NTLM?
Squid configuration is:
auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe* *
auth_param ntlm children 5
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl ntlm proxy_auth REQUIRED
http_access allow ntlm
http_access deny all
icp_access deny all
http_port 8080
cache_peer proxytd parent 8080 0 no-query no-digest
login=PASS connection-auth=on
redirect_program C:\\squid\\squidGuard\\squidGuard.exe -c
C:\\squid\\squidGuard\\conf\\squidGuard.conf
acl ss dstdomain ss
always_direct allow ss
never_direct deny ss
no_cache deny ss
hierarchy_stoplist cgi-bin ?
acl to_av dstdomain avserver
header_access Pragma deny to_av
refresh_pattern -i avserver 10080 20% 999999 ignore-no-cache
reload-into-ims
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
range_offset_limit -1
maximum_object_size 200 MB
quick_abort_min -1
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
visible_hostname localhost
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
never_direct allow all
I don't know much about NTLM or ISA so I hope the question isn't stupid...
Thanks in advance,
Sailor