NTLM is a Microsoft authentication scheme based on a challenge. Squid now
supports it, and in particular your users are not prompted for login/passwd
as it is done by the browser itself (MSIE).
In order to do that with Squid, squid 2.5 of course, it is now suggested to
use Samba, and in particular the ntlm_auth authenticator which is shipped
with the Samba suite. You'd better to use Samba 3, not Samba 2 to have a
good support on it.
Everything is here: http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#winbind
and I remind you that your users *won't* be prompted for a login/password
if they use MSIE
--- Stéphane Davy - Consultant Alcôve Aquileo García Blancas <aquileo@unisiamex.com Pour : <sdavy@bics.fr> .mx> cc : Objet : Re: [squid-users] Réf. : [squid-users] Extract username and write it to the log file without 15/06/2004 14:42 NTLM? Thanks by your help. Then I'm triying to implement a schema in wich my users type they users and passwords when it is prompted in they MSIE. I had a previous version (squid-2.4.STABLE7-4) and had the same schema to validate my users (and worked it). But now with the version squid-2.5.STABLE3-5.3E, don't work it. So, the only change form the previos version is the authenticate_program by auth_param (for user's authentication), just like say in http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE3-RELEASENOTES.html page: authenticate_program authenticate_children proxy_auth_realm Removed. See auth_param. auth_param This replaces the authenticate_program directive. It allows configuration of multiple authentication helpers, one for each of the supported authentication schemes. Such schemes include "NTLM", "Digest (from RFC 2617)", and "Basic". Then, I think that the same schema may work in my new version. Well, with some changes in it. I hope it's clear all your dubts. P.D. What's mean NTML? Aquileo García Blancas Unisia Mexicana, S.A. De C.V. Systems Chief Tel. (52) 728 282 8382 Fax (52) 728 282 8380 e-mail aquileo@unisiamex.com.mx ----- Original Message ----- From: <sdavy@bics.fr> To: <omar.dedovic@atosmedical.com> Cc: <squid-users@squid-cache.org> Sent: Tuesday, June 15, 2004 4:17 AM Subject: [squid-users] Réf. : [squid-users] Extract username and write it to the log file without NTLM? But what is wrong with NTLM? If your users use MSIE, they won't be prompted during authentication when using the NTLM scheme, it is transparent and I think this is what you want, isn't it? You'll need to setup Samba in order to have NTLM and authentication on Active Directory, but everything is in the Squid FAQ --- Stéphane Davy - Consultant Alcôve omar.dedovic@atosmedic al.com Pour : squid-users@squid-cache.org cc : 14/06/2004 12:23 Objet : [squid-users] Extract username and write it to the log file without NTLM? Hi! Is there any way for squid to "extract" the username that is logged in on particular machine just by using information from the browser? What i basically want to see is username of person that is logged on to the machine which is using the proxy WITHOUT prompting users for "extra authentication", and then write it in the access.log together with all other info (date,dst_url etc). Example: User Bob is logged on to domain/AD. He wants to surf on the internet and starts his MSIE. While he is surfing transparently (no extra auth) i can extract the username he is logged in with on his machine/domain and then log this info into the access.log file. Is it possible? Alternative solution (without using ntlm auth/extra password prompt)? thx Omar Legal warning The information in this e-mail is confidential and is intended solely for the addressee. Access to this e-mail by anyone else is unauthorized. If you by mistake have received this e-mail, please destroy it and let Atos Medical know as soon as possible. Thank you. As changes may be done electronically, Atos Medical do not have the responsibility for this e-mail or any attached files, nor am Atos Medical responsible for unauthorized access or changes of it. This e-mail message has been scanned for Viruses and Content.Received on Tue Jun 15 2004 - 11:31:15 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:02 MDT