Ok... now I am confused. I haven't set it up in a test environment, but apparently I will have to.
Henrik, is it because I am using DG? I just could swear I read somewhere that NTLM using a transparent proxy doesn't work? ----- Original Message ---- From: Nick Duda <[EMAIL PROTECTED]> To: Henrik Nordstrom <[EMAIL PROTECTED]>; nairb rotsak <[EMAIL PROTECTED]> Cc: "[email protected]" <[email protected]> Sent: Sunday, June 29, 2008 6:01:53 PM Subject: RE: [squid-users] NTLM-transparent? We do NTLM auth with squid setup transparently. We get all the names and IP's in the logs and it works great, no issues (Stable) in a 400 person call center that bangs away on an internal web application very heavily. We use SmartFilter and Squid to achieve this. - Nick ________________________________________ From: Henrik Nordstrom [EMAIL PROTECTED] Sent: Sunday, June 29, 2008 5:57 PM To: nairb rotsak Cc: [email protected] Subject: Re: [squid-users] NTLM-transparent? On sön, 2008-06-29 at 08:48 -0700, nairb rotsak wrote: > I am used to running Squid/Dansguardian/Samba with ntlm auth. But I > have always used it as a stand-alone proxy.. never at the gateway. I > do it this way because I was always told that the usernames will not > show up in logs (ntlm's fault.. not Squid) when Squid is in > transparent mode. True.. > Is this still true? How the heck does the iPrism do it? ;-) They may have hacked Squid to allow NTLM WWW authentication (not proxy authentication) in transparent interception mode. Highly unstandard, and only works for the non-standard connection oriented auth schemes (NTLM/Negotiate/Kerberos). Another possibility is that they use an IP session cache, redirecting the user to "the gateway webserver" for authentication if no already established session, and link this to Squid via external_acl_type providing the username of the session based on the client IP. Have done this myself in another product (also squid based), and requires some additional software to keep track of the sessions. Regards Henrik
