Re: [squid-users] Squid and NTLM issue...

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 14 Nov 2003 22:54:27 +0100 (CET)

Squid support the use of NTLM proxy authentication where the users
authenticate themselves using NTLM to the proxy for the purpose of getting
access to the Internet via the proxy.

This is not the same as proxying of NTLM authentication to a web sever,
where the user tries to authenticate using NTLM to the web server via the
proxy. NTLM by design can not be proxied. This will fail if attempted via
a proxy (all brands, not only Squid).

Regards
Henrik

On Fri, 14 Nov 2003, Kaan Saldiraner wrote:

> SO why does squid support NTLM? and i see some people already successfully
> implemented this...
> Is there any workaround?
>
> Regards,
> Kaan
> > On Fri, 14 Nov 2003, Kaan Saldiraner wrote:
> > > I am running squid-2.5.STABLE4 and Samba using winbind NTLM
> > > authentication... When i try to access a site i see in the logs that it
> > > is infact sending the domain and username... But when i try to access a
> > > site with NTLM authentication i get TCP MISS 401... What am i doing
> > > wrong?
> >
> > NTLM can not be proxied. You can not access any sites using NTLM
> > authentication via a proxy. Such things happens when certain big
> > companies implements a authentication scheme without caring about
> > following standards..
> >
> > > and why does squid need to send the domain and user info for every
> > > site...
> >
> > ???
> >
> > Your browser identifies you to the proxy on every connection to the proxy,
> > but the proxy does not disclose who you are to the site...
> >
> > Regards
> > Henrik
>
Received on Fri Nov 14 2003 - 14:54:31 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:19 MST