[squid-users] NTLM not-proxiable- workarounds?

From: Josh Wyatt <Josh.Wyatt@dont-contact.us>
Date: Wed, 03 Dec 2003 17:58:52 -0500

Hi all,

I know that NTLM authentication is not proxiable, per microsoft and per reading several threads on the subject. I'm
wondering what other squid users do when you have users using it, but still need to deploy a transparent proxy.

My situation is as follows. I'm using a cisco router doing wccp (works great!) redirection to a redhat 9 linux box
running squid-2.5.STABLE1. Outlook Web Access of course fails through this setup.

I've tried the following:
1. Added 'extension_methods SEARCH SUBSCRIBE UNSUBSCRIBE POLL BCOPY BPROPPATCH' to the config as suggested in another,
older (circa 2000) thread from this list (for 2.4 and earlier). No effect.
2. Added 'acl exchange urlpath_regex exchange' and 'always_direct allow exchange' to the config, to try and make all
accesses to urls containing 'exchange' go direct. Squid logs the attempts as going direct, but it doesn't fix
authentication.

Does anyone have any solution or workaround? I'm perfectly OK with not proxying/caching NTLM streams. Surely there is
a way around this.

Thanks,
Josh
Received on Wed Dec 03 2003 - 15:59:23 MST

This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:05 MST