Hi Kinkie,
At 18.45 02/01/2009, Kinkie wrote:
Could you try to get a network trace of a successfully authenticated
http transaction?
I would love to see how they do it...
Websense too is using something similar for filtering:
They maintain an IP Address/Username table on the policy server. The
table can be populated using different ways:
- A logon agent, a little executable running on every client at logon time
- Direct query to the user workstation
- A DC agent that query DCs for user sessions
There isn't any kind of web browser authentication, and this solution
cannot work with non Windows clients or machine non domain member.
Multiuser terminal server environments cannot be supported and the WS
policy server should be Windows based and domain member for full functionality.
Regards
Guido
Thanks!
On 1/2/09, Johnson, S sjohn...@edina.k12.mn.us wrote:
That's too bad... I've set up numerous Bluecoat proxies and they do
have this capability. But of course, you're paying about $50k usd /
box.
-Original Message-
From: Guido Serassio [mailto:guido.seras...@acmeconsulting.it]
Sent: Thursday, January 01, 2009 4:00 AM
To: Johnson, S; squid-users@squid-cache.org
Subject: Re: [squid-users] NTLM and transparent/interception confusion
Hi,
At 20.06 31/12/2008, Johnson, S wrote:
I've been doing a lot of reading on this... I've got the proxy working
in either of these two modes:
1) As a browser configuration proxy
2) with http_port 3128 transparent, in redirected mode
I've got NTLM authentication working just fine with #1 above. However,
with #2 I never get a password prompt. I don't really care about
transparency; I just want to authenticate users that are outbound
without having to configure their browser.
I asked this question a couple of months back and there are people
stating that they are doing the authentication with transparent mode.
Some of the references I've found in my searches also seem to
corroborate the possibility of this working (but it's not working for
me). However, in the documentation it seems that this should not be
possible. Am I barking up the wrong tree or is this truly possible?
You cannot.
Youa are mixing two very different and incompatible things:
- Transparent/intercepting proxy
- NTLM transparent (silent) authentication, also known as Windows
integrated authentication
http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-e56904dd4dfe
0e21e5c2903473c473d401533ac7
Regards and happy New Year
Guido
-
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.seras...@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
/kinkie
-
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.seras...@acmeconsulting.it
WWW: http://www.acmeconsulting.it/