Transparent Squid Proxy with Samba 3 NTLM_AUTH and multiple domain controllers

Ed Plese ed at edplese.com
Wed Dec 31 17:08:30 GMT 2003


> We are using Squid in a transparent proxy fashion for logging. This
> setup works great in every fashion except its transparency. (yuck!!)
> 
> Problem: Occasionally (like once every 4 hours), a Windows client user
> will call help desk saying "Internet Explorer" is asking for my
> username/password/domain to access a web page.

I'll say right away that I've never tried transparent proxying with squid
along with NTLM authentication.  The reason for this is that everything I've
read sternly indicates that transparent proxying with squid does not work
with proxy_auth.


>From the squid FAQ:
(http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.15)

17.15 Can I use proxy_auth with interception?

No, you cannot. With interception proxying, the client thinks it is talking
to an origin server and would never send the Proxy-authorization request
header. 


>From squid.conf:
# WARNING: proxy_auth can't be used in a transparent proxy. It
# collides with any authentication done by origin servers. It may
# seem like it works at first, but it doesn't.


Unless somehow ntlm_auth doesn't count as proxy_auth then what you're trying
to do is not possible with squid.  Someone please correct me if I'm wrong
here because squid and samba work great together and I'd love to see this work
transparently.

-Ed



More information about the samba-technical mailing list