
Re: Squid 3.5.x and NTLM


 



On 29/11/2016 12:26 a.m., FredB wrote:
> Hello
> 
> I wonder if I can use NTLM auth without any integration in AD ?

No, proper NTLM requires a DC allocated token be presented by the
client. This token is unique per TCP connection attempt. There is no
username/password available to Squid in NTLM.

> Just interrogate the AD for user/password, I can do that ?

The SMB_LM helper performs a downgrade attack on the NTLM protocol and
decrypts the resulting username and password. Then logs into AD using
Basic auth.
This requires that the client supports the extremely insecure LM auth.
Any sane client will not.

Alternatively, the 'fake' helper accepts any credentials the client
presents as long as they are correctly formatted in NTLM syntax.


Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
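
A defender-side check related to the reply above, added here as an example and not code from Squid or from the poster: it parses the NTLM blob in a `Proxy-Authorization` header and reports whether a client answered with an LM-only, NTLMv1-style or NTLMv2-style response. The names `classify` and `sample_type3` are hypothetical, the response-length rule (24-byte NT response for NTLMv1, longer for NTLMv2) is an assumed heuristic, and the sample messages are constructed.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"

def _buf(msg, off):
    # Security-buffer descriptor: Len (u16), MaxLen (u16), BufferOffset (u32), little-endian.
    length, _maxlen, pos = struct.unpack_from("<HHI", msg, off)
    if pos + length > len(msg):
        raise ValueError("buffer outside message")
    return msg[pos:pos + length]

def classify(header_value):
    """Classify a Proxy-Authorization value by NTLM message type and response strength."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        return "not-ntlm"
    try:
        msg = base64.b64decode(blob.strip(), validate=True)
        if not msg.startswith(SIGNATURE):
            return "malformed"
        mtype = struct.unpack_from("<I", msg, 8)[0]
        if mtype in (1, 2):
            return "negotiate" if mtype == 1 else "challenge"
        if mtype != 3:
            return "malformed"
        lm, nt = _buf(msg, 12), _buf(msg, 20)  # LM and NT response fields
    except (ValueError, struct.error):
        return "malformed"
    if len(nt) > 24:
        return "authenticate-ntlmv2"
    if len(nt) == 24:
        return "authenticate-ntlmv1"
    if len(lm) == 24:
        return "authenticate-lm-only"  # the case a downgrade to LM produces
    return "authenticate-no-response"

def sample_type3(lm_len, nt_len):
    """Constructed Type 3 message with filler response bytes (not captured traffic)."""
    head = 64  # fixed header through NegotiateFlags
    desc = struct.pack("<HHI", lm_len, lm_len, head)
    desc += struct.pack("<HHI", nt_len, nt_len, head + lm_len)
    empty = struct.pack("<HHI", 0, 0, head + lm_len + nt_len) * 4  # domain, user, host, key
    msg = SIGNATURE + struct.pack("<I", 3) + desc + empty + struct.pack("<I", 0)
    msg += b"\xaa" * lm_len + b"\xbb" * nt_len
    return "NTLM " + base64.b64encode(msg).decode()

if __name__ == "__main__":
    for lm_len, nt_len in [(24, 0), (24, 24), (24, 60)]:
        print(lm_len, nt_len, classify(sample_type3(lm_len, nt_len)))
```
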



