On 05/10/11 03:36, Almighty wrote:
> Thanks for that Alex.
>
> I have used wpad in the past but I had to ensure that the browsers had
> "Automatically detect settings" ticked. It's for a wireless network so they
> are not on our domain. We purely use NTLM for authentication and
> verification that they are actually users on our domain. No problems, Im
> having a looking at NoCatSplash (catch-and-release) software to see if this
> will work.
>
It is not a matter of particular intercept software.
It is a matter of the browser refusing to supply credentials to a
middleware system which is not supposed to even exist. Interception (aka
"transparent") as you are trying to do has the full name of "third-party
interception" because that is what it is. Your portal is the third party.
NTLM and protocols like it were designed so as to preventing
third-party systems getting hold of the credentials.
You can use the intercept and a deny_info template like ERR_AGENT_WPAD
to splash page the people who get intercepted (ie don't have WPAD
working). In parallel to a regular proxy port receiving the WPAD
configured traffic where NTLM is possible.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.15 Beta testers wanted for 3.2.0.12Received on Wed Oct 05 2011 - 03:48:35 MDT
This archive was generated by hypermail 2.2.0 : Wed Oct 05 2011 - 12:00:02 MDT