[squid-users] Certain applications when using NTLM auth

From: Henrique Machado <henrique.cicuto_at_gmail.com>
Date: Mon, 2 Feb 2009 13:48:56 -0200

Morning,

For quite some time Iīve wondered about something.
Certain applications worked perfectly with Squid in the past.
But, since weīve integrated it with Active Directory (NTLM auth) some
applications just donīt work anymore, even if they do have
"authenticated proxy support".
What Iīve noticed about NTLM authentication with Squid is:

1) Application sends HTTP request (Firefox or IE, for instance)
2) Squid receives the request and then returns HTTP code 407 to the
client (Proxy Authentication Required)
3) The application receives the 407 code and asks the user for
authentication input (the browsers use the current logged user
credentials if inside an Active Directory domain)
4) The application sends the authentication info
5) Squid receives it, checks it and then does its work

But, some applications, APT being a very simple example (and one of my
headaches) canīt ask for an input. And even configuring it to send
userīs credentials doesnīt seen to work (Squid keeps replying with
407).
I presume that the behavior "wait until I ask for auth credentials" is
necessary for the complete functionality, so Squid just ignores the
info thatīs initially sent.

Anyway I can solve that without having to put those applications
"outside the proxy"?

Best regards,

Henrique Cicuto Machado
Received on Mon Feb 02 2009 - 15:49:04 MST

This archive was generated by hypermail 2.2.0 : Thu Feb 05 2009 - 12:00:01 MST