I'm still not what sure what you mean; do you mean clients will speak NTLM to the intranet server but have squid configured as a web proxy?
Adrian On Tue, May 16, 2006, Baumgaertel, Oliver wrote: > > > We have several layers of Proxies: > > User -> Region -> Region -> inner farm -|Firewall|-> DMZ farm > -|Firewall|-> Internet > User -----------> Region -> > User ---------------------> > > We do all our authentication/authorisation and filtering based on > user/group in the inner farm. Currently we mainly do authentication > based on the IP adress(-range) (around 95%) and only very few users are > authenticated via NTLM. However, we are under orders to change that in > the foreseeable future to pure NTLM. So that'll be for Proxy > authentication, server NTLM is only done within the intranet itself and > that's taken care of in the proxy settings of the clients. > > BlueCoats for example allow such a scenario with a thing called "NTLM > forwarding". As far as I am aware that's not possible with Squid right > now. So I wonder if that'll be part of the upcoming Stable 2.6/3 as > we've to start planning for the nescessary changes rather soon.
