Re: [squid-users] Fording NTLM auth to Parent server

From: Chris Robertson <crobertson_at_gci.net>
Date: Tue, 22 Dec 2009 13:00:53 -0900

Momo wrote:
> Hi Folks,
>
> I was recently asked to put some transparent authentication on our
> corporate web access.
>
> As the server that does the authentication and access log job is off
> site, it has been decided to put a Squid proxy server beetween the
> clients this proxy to have some site local cache.
>
> Below is the setup I try to achieve:
>
> Client ---> Squid ---> NTLM enabled proxy ---> Internet
>
> Trying to set this up, i found that it was not possible to simply pass
> the auth info from the client to the NTLM enabled parent proxy (like
> with login=PASS option)
>

Squid 2.6, 2.7 and 3.1 should support pass through NTLM authentication
(to a web server or parent proxy). 3.0 will not.

> I tried using cntlmd or ntlmaps , but these would only proxy the
> authentication mechanism as one user, so the parent proxy would log
> all requests as coming from one unic user.
>
> I was wondering if there was any way, simple or not, to get squid
> forwarding auth info without having authentications requests on the
> end-user side?
>
> Thanks for your help.
>
> Momo
>

Chris
Received on Tue Dec 22 2009 - 22:01:05 MST

This archive was generated by hypermail 2.2.0 : Wed Dec 23 2009 - 12:00:02 MST