RE: [squid-users] Transparent proxy with NTLM fake_auth for track ing purposes. Asking for trouble?

From: Tony Melia (DMS) <Tony.Melia@dont-contact.us>
Date: Thu, 28 Nov 2002 09:07:48 +1000

My understanding was that you could not use NTLM authentication with
transparent proxying due to the way MSIE handles the authentication?

-----Original Message-----
From: Greg Baugher [mailto:gregbaugher@princemfg.com]
Sent: Thursday, 28 November 2002 3:27am
To: squid-users@squid-cache.org
Subject: [squid-users] Transparent proxy with NTLM fake_auth for
tracking purposes. Asking for trouble?

I have the following setup running right now and it appears to
work. However I am wondering if anyone might know of a reason this could
cause problems later.

Squid 2.5 Stable 1
configure
        --prefix=/usr/local/squid-2.5
        --enable-linux-netfilter
        --enable-auth=ntlm
        --enable-ntlm-auth-helpers="fakeauth no_check"

squid.conf
        auth_param ntlm program /usr/local/squid-2.5/libexec/fakeauth_auth
        auth_param ntlm children 1
        auth_param ntlm max_challenge_reuses 0
        auth_param ntlm max_challenge_lifetime 2 minutes

        acl authhost src 192.168.100.150/255.255.255.255
        acl Prince src 192.168.0.0/255.255.0.0
        acl Prince_WAN src 10.0.0.0/255.0.0.0
        acl passwdauth proxy_auth REQUIRED

        http_access allow authhost passwdauth
        http_access allow Prince
        http_access allow Prince_WAN

This is working perfectly for all users on the network with no proxy
setup.(Except users on 192.168.100.150)
Users of that IP have the proxy configured in the browser.

In case you are wondering the reasoning, the server at 192.168.100.150 is a
WinNT Terminal Server with 24 thin clients using it. I am trying to
account for our web usage and just getting the IP for the terminal server
didn't really help me. I am using Sarg to judge bandwidth allocation.

Thanks for any insight.
-Greg

Downs MicroSystems Pty Ltd
145 Margaret Street
Toowoomba Qld 4350
Ph. (07) 4639 3344 Fax (07) 4639 3820

Important Disclaimer and Warning

Downs MicroSystems does not represent or warrant that any attached files are
free from computer viruses or other defects. The attached files are
provided, and may only be used, on the basis that the user assumes all
responsibility for any loss, damage or consequences resulting directly or
indirectly from use of the attached files. The liability of Downs
MicroSystems in any event is limited to either the resupply of the attached
files or the cost of having the attached files resupplied.

NOTE: The views expressed by the individual in this message do not
necessarily reflect those of the organisation.

Downs MicroSystems is committed to protecting the privacy of individuals,
and is bound by the principles of the Commonwealth Privacy Act (1988).
Should you wish to view our Privacy Policy, please visit
www.downsmicro.com.au.

The information contained in this message is confidential and may be legally
privileged. The message is intended solely for the addressee(s). If you are
not the intended recipient, you are hereby notified that any use,
dissemination, or reproduction is strictly prohibited and may be unlawful.
If you are not the intended recipient, please contact the sender by return
e-mail and destroy all copies of the original message.
Received on Wed Nov 27 2002 - 16:07:52 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:37 MST