Hi Amos, Thanks for your reply. I was hoping that I could inject the domain name somehow when the credentials are being submitted. I can see now it's very much a Samba related query, Regards, -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: 18 August 2011 12:48 To: squid-users@xxxxxxxxxxxxxxx Subject: Re: RE: Squid NTLM - Dont want users to have to enter domain On 18/08/11 21:52, Almighty wrote: > Hi, > > Transparent NTLM authentication works great on our site and running on 5 > proxy servers. > > However we are having an increasing number of clients who are not on the > domain (E.g. Mac labs). > Is there any way that these non-AD end users could get prompted for just > their "username& password" instead of "DOMAIN\username& password". > > Many thanks in advance, > Well, considering that NTLM is a protocol which operates by authenticating that users are members of a domain. How do you expect that would work? IIRC the Samba ntlm_auth provides "--domain=DOMAIN" option to force verification of all users against a certain domain (enabling no domain on the popup). It is up to the client software to obtain the right security tokens that domains DC will accept. Squid cannot do anything about that. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.14 Beta testers wanted for 3.2.0.10