USING WIN NT SERVER WITH PROXY SERVER

Armand Welsh armand at welshhome.org
Wed Jan 3 21:56:42 GMT 2001


Winsock proxy works only with the winsock wrapper, which encapsulates
packets and sends them to the proxy server, to be de-encapsulated and
transmitted out, as if the server was the client.  This is a very powerful
function, as this method supports tcp and udp w/o special helper apps, and
will even work on ipx networks, since it is a winsock replacement/wrapper.
Anything that uses winsock on windows can work with winsock proxy.  This is
a Microsoft-only service, so don't try to get it working on unix, unless you
know how the winsock proxy client works.

Socks proxy is a fully functional, non-authenticating socks 4 proxy server
that only supports ftp, telnet, http, and (I think) gopher.  So as you can
see, it's not going to work with real-audio, or other apps of the non-web
client nature.  This proxy service does allow for an ACL to determine what
ip addresses may use the socks proxy.  It's similar to any other firewall
acl for authorization.

WebProxy is an authenticating (by optional config option) http proxy
server.  It can authenticate against the windows accounts, via either NT
Challenge/Response method, or Clear Text method, depending on the IIS
authentication settings.  So long as the IIS service allows clear text
authentication, then you can use a non-Internet Explorer browser, and
authenticate against the proxy server.  If anonymous access is allowed in
IIS, and the Web Proxy service does not require authentication, or rather,
permits the everyone group access to the web proxy service, then any
application that supports proxy servers will work, as the proxy server won't
ask for authentication.  Using applications designed to use an
authenticating http proxy server doesn't usually work, as the authentication
is not very standard.  It works by letting the proxy server request a
username/password, or by passing it as part of the proxy server parameter.
Where the proxy settings of your web browser ask for the address, enter in
http://user:password@proxy.server.address and set the port to port 80.

Also, set the socks server address to: proxy.server.address, and the port
to port 1080.  The socks server will work for all your web client functions,
if the client supports socks/proxy features.  But it will not work for
command line ftp, or telnet, etc.  For these, you need the winsock proxy,
or a special utility to encapsulate your socks requests and send them to the
socks proxy on port 1080.  But again, you are limited to only telnet, ftp,
http, etc.

----- Original Message -----
From: "Chris Odgers" <Chris.Odgers at sausage.com>
To: "'Jon Doyle'" <marsaro at suse.com>; "Greg Dickie" <greg at discreet.com>
Cc: "Rob Marsiglia" <litlrob at home.com>; <samba-ntdom at us5.samba.org>
Sent: Tuesday, January 02, 2001 10:33 PM
Subject: RE: USING WIN NT SERVER WITH PROXY SERVER


>
> I think the problem is the fact that in most environments, MS proxy
> is set up to require NTLM authentication for the web side of things.
> Obviously, in a standard unix environment this isn't going to work
> too well, unless somebody wrote a meta-proxy which understood the
> NTLM stuff and spoke basic authentication to the unix clients.
>
> I can't comment on the socks proxy or winsock proxy parts, as I
> haven't had much exposure to them.
>
> Chris
>
> > -----Original Message-----
> > From: Jon Doyle [mailto:marsaro at suse.com]
> > Sent: Wednesday, January 03, 2001 5:30 PM
> > To: Greg Dickie
> > Cc: Rob Marsiglia; samba-ntdom at us5.samba.org
> > Subject: Re: USING WIN NT SERVER WITH PROXY SERVER
> >
> >
> >
> >
> > Hi;
> >
> > From my experiences with MS Proxy the only way that piece of code
> > works well is with the MS Proxy Client. Yes, it is supposed to be
> > SOCKS compliant, but the ability to NAT was only introduced into
> > their new product ISC2k or ISA2k, something like that. It is true
> > that Squid can do the HTTP Acceleration and access control that you
> > may need (in the case of MS Proxy) and the Linux server will allow
> > more flexibility to add unix and MAC clients behind it (MASQ). I do
> > not even want to start a war on the list over security advantages
> > with Linux over MS, but you may conclude I would recommend the use
> > of SAMBA/Squid/and Firewall/MASQ over an MS Proxy.
> >
> > Regards,
> >
> >
> > Jon
> >
> >
> >
> > On Tue, 2 Jan 2001, Greg Dickie wrote:
> >
> > >
> > > I'm guessing that squid may have a way to do this.
> > >
> > > Greg
> > >
> > >
> > > On Tue, 2 Jan 2001, Rob Marsiglia wrote:
> > >
> > > > Date: Tue, 2 Jan 2001 20:43:53 -0500
> > > > From: Rob Marsiglia <litlrob at home.com>
> > > > To: samba-ntdom at us5.samba.org
> > > > Subject: USING WIN NT SERVER WITH PROXY SERVER
> > > >
> > > > I have an NT server running proxy server and need to set up
> > > > redhat to use the internet through the NT proxy server. I
> > > > know samba doesn't do it, but what will?  I haven't found a
> > > > resource to do it yet...anyone run into this problem and have
> > > > a resolution?
> > > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > Greg Dickie
> > > just a guy
> > > greg at discreet.com
> > >
> > >
> > >
> >
> >
> > _______________________________________________________________________________
> > Jon R. Doyle
> > Professional Services Director
> >        SuSE Linux Inc.
> >     510-628-3380 ext 5068
> > _______________________________________________________________________________
> > "a committee is twelve men doing the work of one"
> > --John F. Kennedy
> >
> >
>
>
>
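
The top message in this thread describes the SOCKS service as a non-authenticating SOCKS 4 proxy whose only access control is an ACL on client IP addresses. The Python below is an added example, not code from the thread or from MS Proxy; the function names and the ACL network are assumptions made for illustration. It builds and parses a SOCKS 4 CONNECT request and shows that the USERID field is carried but never verified, so the source-address check is the only gate.

```python
import ipaddress
import struct

SOCKS_VERSION = 4
CMD_CONNECT = 1
REPLY_GRANTED = 90    # request granted
REPLY_REJECTED = 91   # request rejected or failed

# Constructed ACL (assumption): client networks allowed to use the proxy.
ALLOWED_CLIENTS = [ipaddress.ip_network("192.168.1.0/24")]


def build_connect_request(dst_ip, dst_port, userid=b""):
    """Client side: VN, CD, DSTPORT, DSTIP, USERID, NUL terminator."""
    return (struct.pack("!BBH", SOCKS_VERSION, CMD_CONNECT, dst_port)
            + ipaddress.IPv4Address(dst_ip).packed + userid + b"\x00")


def parse_request(data):
    """Server side: return (command, dst_ip, dst_port, userid) or raise ValueError."""
    if len(data) < 9:
        raise ValueError("short request")
    version, command, port = struct.unpack("!BBH", data[:4])
    if version != SOCKS_VERSION:
        raise ValueError("not SOCKS 4")
    end = data.find(b"\x00", 8)
    if end == -1:
        raise ValueError("userid not NUL-terminated")
    return command, str(ipaddress.IPv4Address(data[4:8])), port, data[8:end]


def handle_request(client_ip, data):
    """Apply the source-address ACL and return the 8-byte SOCKS 4 reply."""
    try:
        command, dst_ip, dst_port, _userid = parse_request(data)
    except ValueError:
        return struct.pack("!BBH4s", 0, REPLY_REJECTED, 0, bytes(4))
    addr = ipaddress.ip_address(client_ip)
    # USERID is deliberately ignored: SOCKS 4 has no password or challenge,
    # so the client's source address is the only thing the proxy can check.
    allowed = command == CMD_CONNECT and any(addr in net for net in ALLOWED_CLIENTS)
    code = REPLY_GRANTED if allowed else REPLY_REJECTED
    return struct.pack("!BBH4s", 0, code, dst_port,
                       ipaddress.IPv4Address(dst_ip).packed)
```

Because the decision rests on the source address alone, the ACL should list only the internal client networks, and port 1080 should not be reachable from outside them.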




