Michael wrote:
> Hi there,
> i have an problem to get squid run as an transparent proxy and an NTLM
> authentification Server.
From the FAQ:
17.15 Can I use proxy_auth with interception?
No, you cannot. With interception proxying, the client thinks it is
talking to an origin server and would never send the Proxy-authorization
request header.
I don't see how it could be any clearer than that. squid.conf also has
the helpful words:
# WARNING: proxy_auth can't be used in a transparent proxy. It
# collides with any authentication done by origin servers. It may
# seem like it works at first, but it doesn't.
What more does it need to say on the subject to be convincing?
> I just forward the port 80 to 3128 squid port (with ipchains, standard as
> far
> as I know).
>
> the options are an must as far as I know in squid.conf
>
> http_accel_host virtual
> http_accel_port 80
> httpd_accel_with_proxy on
>
> The trans proxy is working with smb_auth .... but not with NTLM
> and the FAQ and other mailingslist are telling me that with accel*
> it is not possible to use authentification.
That isn't strictly accurate. If you are operating an accelerator
(which also uses the httpd_accel options), it would be possible to
authenticate users at the Squid machine. But not a transparent proxy.
> Question 2:
>
> Is it possible to use more then one redirect_program in squid.conf so
> that 4 example 2 programs are parsing the stream one after the other.
Not in squid.conf. You can, however, tie two redirectors together with
a simple perl script. This has been documented on the mailing list in
the past by Henrik. A quick search didn't reveal it, but it did reveal
references to it...It should probably be in the FAQ, so I'll see if I
can dig it up.
-- Joe Cooper <joe@swelltech.com> Web caching appliances and support. http://www.swelltech.comReceived on Sun Jul 21 2002 - 13:32:43 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:18 MST