Hi! On Wed, Jul 20, 2011 at 12:08 PM, chinner999 <chinner999@xxxxxxxxx> wrote: > Right from the squid.conf file > > WARNING: authentication can't be used in a transparently intercepting > # proxy as the client then thinks it is talking to an origin server and > # not the proxy. This is a limitation of bending the TCP/IP protocol to > # transparently intercepting port 80, not a limitation in Squid. > # Ports flagged 'transparent', 'intercept', or 'tproxy' have > # authentication disabled. > > Guess I can't use authentication with a transparent setup. Will have to investigate intercept proxy. I'm trying to use Cisco WCCP via our Cisco 5505's so if I go intercept proxy and the Squid server goes offline, Internet traffic can still go through. No, you can't authenticate in transparent. However, if you send proxy configuration through AD policy (so that you don't need to go to every workstation to configure it), you could configure squid to use AD for auth purposes - maybe... kerberos auth. Also, there is WPAD that you can use to "automatically detect" proxy. All of this will have the advantage of allowing you to do access control based on users and groups. Sincerely, Ildefonso Camargo
