This is a discussion on [squid-users] Using squid with NTLM and BASIC authentication within the Squid Users forums, part of the Web Server and Related Forums category.

Hello All,

SETUP:
I am running squid-2.5.STABLE3 on RH7.3 (2.4.18-4) in a network environment that also contains a Windows 2000 domain as well as a number of Linux machines.

REQUIREMENTS:
I wish to set up Squid so that it requires authentication. I want Squid to support NTLM (for any MSIE user agents) and BASIC (for any other user agents).

I posted a similar question here (http://www.squid-cache.org/mail-arch...0311/0682.html)

One of the responses that I received was from Henrik and read:

"Squid always challenges using all configured authentication schemes. It is the client who selects the most suitable scheme to use. What this means is that this "fallback" should be automatic. User-agents who support NTLM will use NTLM, others will use Basic (or Digest if configured and supported by the user-agent)."

This confused me as I had read the following in the Squid FAQ (read it for yourself here: http://www.squid-cache.org/Doc/FAQ/FAQ-23.html - ss23.1 ):

"although currently you can only use one scheme at a time."

According to my interpretation of Henrik's response I should be able to meet my requirements by configuring Squid with the following options:

    ../configure --prefix=/usr/local/squid --enable-auth="ntlm,basic" \
        --enable-ntlm-auth-helpers="SMB" --enable-basic-auth-helpers="NCSA" \
        --enable-ntlm-fail-open

Then all I should need to do is configure the following directives in squid.conf:

    auth_param ntlm program /usr/local/squid/libexec/ntlm_auth MYDOMAIN/pdcbox
    auth_param ntlm children 5
    auth_param ntlm max_challenge_reuses 0
    auth_param ntlm max_challenge_lifetime 2 minutes
    auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/.passwd
    auth_param basic children 5
    auth_param basic realm My Company LAN
    auth_param basic credentialsttl 2 hours
    acl people proxy_auth REQUIRED
    http_access allow people
    http_access deny all

I also have the following directive configured.

    cache_peer 165.228.128.10 parent 3128 0 no-query default

Have I got it right? Did I miss any required compilation options or directives? Can someone please comment?

Thank you,
Matthew Richards
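
Added example (not part of the original post and not Squid's own code): a simplified Python model of the exchange Henrik's reply describes, in which the proxy offers every configured scheme in a 407 response and the client picks one. The function names, the client preference lists and the credentials are constructed for illustration, and the multi-step NTLM handshake that follows the choice is not modelled.

```python
import base64

# Constructed squid.conf excerpt, taken from the directives in the post above.
SQUID_CONF = """\
auth_param ntlm program /usr/local/squid/libexec/ntlm_auth MYDOMAIN/pdcbox
auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/.passwd
auth_param basic realm My Company LAN
"""

def configured_schemes(conf):
    """Return (scheme, realm) pairs in the order each scheme first appears."""
    order, realms = [], {}
    for line in conf.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 3 or parts[0] != "auth_param":
            continue
        scheme, key = parts[1].lower(), parts[2]
        if scheme not in order:
            order.append(scheme)
        if key == "realm" and len(parts) == 4:
            realms[scheme] = parts[3]
    return [(s, realms.get(s)) for s in order]

def challenge_407(schemes):
    """Proxy side: one Proxy-Authenticate header per configured scheme."""
    lines = ["HTTP/1.0 407 Proxy Authentication Required"]
    for scheme, realm in schemes:
        value = "NTLM" if scheme == "ntlm" else scheme.capitalize()
        if realm:
            value += ' realm="%s"' % realm
        lines.append("Proxy-Authenticate: " + value)
    return lines

def client_choice(response, supported):
    """Client side: first scheme in its own preference list that was offered."""
    offered = [l.split(":", 1)[1].split()[0].lower()
               for l in response if l.lower().startswith("proxy-authenticate:")]
    return next((s for s in supported if s in offered), None)

def basic_header(user, password):
    """What a Basic client then sends: base64, trivially reversible."""
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    return "Proxy-Authorization: Basic " + token

if __name__ == "__main__":
    resp = challenge_407(configured_schemes(SQUID_CONF))
    print("\n".join(resp))
    print(client_choice(resp, ["ntlm", "basic"]), client_choice(resp, ["basic"]))
    print(basic_header("alice", "s3cret"))  # constructed credentials
```

Because the Basic header is only base64-encoded, any client that falls back to Basic sends its password to the proxy in recoverable form on every request.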