Hello,

I've been having trouble configuring squid with NTLM to replace an ISA Server. The configuration is:

   * squid version 2.7.STABLE7 (downloaded from
     http://squid.acmeconsulting.it/)
   * Windows 2008 server
   * on the client side: Internet Explorer 8

The problem is that IE8 always prompts for the password unless it is configured with the servers in the Trusted Zone and Automatic Logon with current user/password (no tests done with other browsers).

Users were able to access sites through the previous proxy server (ISA Server), which was using "Integrated Authentication", without having to provide any credentials. Without any change to the Internet Explorer configuration, once squid is in use, users are prompted for credentials. Are there any requirements for Internet Explorer configuration to work with squid's NTLM?

Squid configuration is:

   auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe
   auth_param ntlm children 5

   acl all src all
   acl manager proto cache_object
   acl localhost src 127.0.0.1/32

   acl ntlm proxy_auth REQUIRED

   http_access allow ntlm

   http_access deny all

   icp_access deny all

   http_port 8080

   cache_peer proxytd       parent    8080 0  no-query no-digest login=PASS connection-auth=on

   redirect_program        C:\\squid\\squidGuard\\squidGuard.exe -c C:\\squid\\squidGuard\\conf\\squidGuard.conf
   acl     ss  dstdomain       ss
   always_direct   allow   ss
   never_direct    deny    ss
   no_cache        deny    ss

   hierarchy_stoplist cgi-bin ?

   acl to_av dstdomain avserver
   header_access    Pragma    deny    to_av

   refresh_pattern -i avserver 10080 20% 999999 ignore-no-cache reload-into-ims

   refresh_pattern ^ftp:        1440    20%    10080
   refresh_pattern ^gopher:    1440    0%    1440
   refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
   refresh_pattern .        0    20%    4320

   range_offset_limit    -1
   maximum_object_size    200 MB
   quick_abort_min    -1

   acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
   upgrade_http0.9 deny shoutcast
   visible_hostname localhost

   acl apache rep_header Server ^Apache
   broken_vary_encoding allow apache

   never_direct    allow    all

I don't know much about NTLM or ISA so I hope the question isn't stupid...

Thanks in advance,
Sailor
