Stephan von Krawczynski wrote:
> > What you want is not possible. NTLM logins cannot be proxied.
>
> Well, lets try a different approach: can you think of any setup to enable
> clients behind a squid (and inside a private network) to get their hands on an
> IIS performing www-authentication - besides direct IP connection via NAT?
If the IIS has Basic ("plain text") authentication enabled then no
problems. If it only has NTLM authentication enabled then you have
problems as NTLM authentication cannot be proxied.
What you can do is to set up a TCP plug, giving the NTLM-only web server
a virtual IP address on your local network, where any TCP connections
sent to this IP is forwarded to the real server.
> > What has been
> > added to 2.5 is the ablilty to perform a NTLM login to the proxy.
>
> Something the like could be done with smb_auth in previous releases, too.
Not quite. The NTLM authentication scheme is not the same thing as Squid
verifying the users Basic scheme username and password to a NTLM
service.
Regards
Henrik Nordström
Received on Tue Nov 20 2001 - 10:10:28 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:04:21 MST