On 05/10/11 03:36, Almighty wrote:
Thanks for that Alex.
I have used wpad in the past but I had to ensure that the browsers had
"Automatically detect settings" ticked. It's for a wireless network so they
are not on our domain. We purely use NTLM for authentication and
verification that they are actually users on our domain. No problems, Im
having a looking at NoCatSplash (catch-and-release) software to see if this
will work.
It is not a matter of particular intercept software.
It is a matter of the browser refusing to supply credentials to a
middleware system which is not supposed to even exist. Interception (aka
"transparent") as you are trying to do has the full name of "third-party
interception" because that is what it is. Your portal is the third party.
NTLM and protocols like it were designed so as to preventing
third-party systems getting hold of the credentials.
You can use the intercept and a deny_info template like ERR_AGENT_WPAD
to splash page the people who get intercepted (ie don't have WPAD
working). In parallel to a regular proxy port receiving the WPAD
configured traffic where NTLM is possible.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.15
Beta testers wanted for 3.2.0.12
