The ISA is configured to require "Microsoft Integrated" login over HTTP... (technically not a HTTP authentication method, but disguises itself as one..)
You have three options: a) To have the ISA server reconfigured to also accept Basic authentication, as required to be able to use the ISA proxy service with anything else than Microsoft Explorer.. (i.e. Squid, Netscape/Mozilla etc...) (requires cooperation from the ISA server administrator) b) Use a Basic->NTLM proxy gateway between Squid and the ISA server (not the best performance..) c) Have Squid extended to perform the NTLM negotiation to parent peers automatically without the need for a separate Basic->NTLM authentication gateway. (requires coding) Regards Henrik On Tuesday 25 February 2003 11.43, Matthew Robinson wrote: > Hi, > > I've just come up against a requirement to get a local Squid proxy > talking to an upstream ISA server that requires authentication. > > The same box has been used before to talk to other upstream Squid > servers that also require authentication (the standard > login=user:password parameter to cache_peer worked there fine). > > With the ISA login it seems a domain needs to be specified at > authentication time too, which can't be explicitly defined with > cache_peer. > > I've heard that Windows authentication can (in some cases) be > passed in the format of "DOMAIN/USERNAME" as the username in order > to pass both values, but this didn't seem to work for me. > > Apologies if the answer is staring me in the face, I've searched > the archives of this list & done the usual google groundwork but > have come up with nothing. > > Thanks in advance, > > Matt
