Re: [squid-users] pam_auth and IE

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 03 Jun 2003 16:00:30 +0200

When using the fake_auth ntlm helper the users should only get a prompt
if they are not logged in to a windows NT compatible domain.

However, the fake_auth helper is very simple in it's implementation of
NTLMSSP and may fail with certain browser versions. In such case the
users may be presented with a login box where they can not login (their
login attempt will still not be understood by fake_auth...)

Regards
Henrik

tis 2003-06-03 klockan 14.23 skrev Jerry Murdock:
> Think that's it. not sure if they will NEVER get a prompt, I haven't
> played with it.
>
> Jerry
>
>
> ----- Original Message -----
> From: "McWhirter,Julia" <julia.mcwhirter@superh.com>
> To: "Jerry Murdock" <jmurdock@itraktech.com>; "Eric Ferguson"
> <eric.ferguson@jaguartech.com>; <squid-users@squid-cache.org>
> Sent: Tuesday, June 03, 2003 5:04 AM
> Subject: RE: [squid-users] pam_auth and IE
>
>
> Jerry,
>
> Sorry to but in on this but I am also very interested in the logging of
> user information without the hassle of authentication. Did you mean the
> no_check helper? And with this module is the user prompted for the
> username/password?
>
> Regards
> Julia McWhirter
> IT Manager
>
> SuperH (UK) Ltd
> Network House
> 2410 Aztec West
> Almondsbury
> Bristol
> BS32 4QX.
>
> Web : www.superh.com
> E-mail : julia.mcwhirter@superh.com
> Direct : +44 1454 465661
> Switch : +44 1454 465600
> Mobile : +44 7979 913494
>
>
> > -----Original Message-----
> > From: Jerry Murdock [mailto:jmurdock@itraktech.com]
> > Sent: 03 June 2003 05:22
> > To: Eric Ferguson; squid-users@squid-cache.org
> > Subject: Re: [squid-users] pam_auth and IE
> >
> > If you really don't care about authentication, one of the NTLM helpers
> > doesn't check passwords - just accepts whatever the browser feeds it.
> >
> > Jerry
> > ----- Original Message -----
> > From: "Eric Ferguson" <eric.ferguson@jaguartech.com>
> > To: "'Jerry Murdock'" <jmurdock@itraktech.com>;
> > <squid-users@squid-cache.org>
> > Cc: <doobie.sellers@jaguartech.com>
> > Sent: Monday, June 02, 2003 8:20 PM
> > Subject: RE: [squid-users] pam_auth and IE
> >
> >
> > > Hi Jerry,
> > >
> > > Just to make sure I am thinking right then, I need to get NTLM
> > > authentication running in order to avoid the popups?
> > >
> > > The squid box needs to authenticate to a Windows 2000 native AD.
> All I
> > > really want to do is get logging of the Windows user ID in the squid
> > > logs. If I can do this without proxy authentication, I would be
> fine
> > > with that too. If you could bear with me, I just have a few
> questions.
> > >
> > > 1. Will NTLM authentication work in a native Windows 2000 AD.
> > >
> > > 2. What is the simplest way to get the authentication or logging
> working
> > > in a native Windows 2000 AD? (I'm hoping not to have to set up
> Samba,
> > > join the domain, etc.)
> > >
> > > 3. Do I really need proxy authentication to get basic logging of the
> > > user ID in the log?
> > >
> > > Thanks for all your help!!!
> > >
> > > Eric Ferguson
> > >
> > >
> > > -----Original Message-----
> > > From: Jerry Murdock [mailto:jmurdock@itraktech.com]
> > > Sent: Monday, June 02, 2003 6:05 PM
> > > To: Eric Ferguson
> > > Subject: Re: [squid-users] pam_auth and IE
> > >
> > > The behavior your describing is characteristic of NTLM
> authentication.
> > >
> > > With any basic authenticator, you will still get the initial user/pw
> > > prompt.
> > >
> > > Jerry
> > >
> > > ----- Original Message -----
> > > From: "Eric Ferguson" <eric.ferguson@jaguartech.com>
> > > To: <squid-users@squid-cache.org>
> > > Sent: Monday, June 02, 2003 5:41 PM
> > > Subject: [squid-users] pam_auth and IE
> > >
> > >
> > > > Hi All,
> > > >
> > > > I am using proxy authentication for squid. My clients are being
> > > > prompted for user name and password and being authenticated
> correctly-
> > > > so far so good. However, I thought IE would send an initial ID
> and
> > > > password for the currently authenticated user on its first attempt
> to
> > > > authenticate and not require the user to do a manual login.
> > > >
> > > > I am currently using the built-in radius helper for squid because
> the
> > > > PAM radius authenticator is having problems with Redhat 9.0.
> > > >
> > > > Any suggestions would be appreciated.
> > > >
> > > > Thanks,
> > > >
> > > > Eric
> > > >
> > > > Eric.ferguson@jaguartech.com
> > > >
> > > >
> > > >
> > > >
> > >

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.
If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Tue Jun 03 2003 - 08:00:51 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:13 MST