Hi again,

I have got even more info on how this would like to be done.

They are talking about they might want to use Forms authentication for users on the internet and from what I think I understand that is basically just a .net website so that should be too hard to get running :\

But in the end they would really like AD authentication without forms because forms reports the username differently to sharepoint it seems.

If I was not to use NTLM but simple LDAP calls to AD would this allow me to authenticate on squid then send the credentials straight through to sharepoint for it to be authenticated again there? From what I see the auth type needs to be kept to the basic type to be able to pass through?

Could someone elaborate here for me? Sorry for all the questions but I have spent a lot of time googling and can't really get a definite answer.

Cheers,

Simon Dwyer

-----Original Message-----
From: Dwyer, Simon
Sent: Wednesday, 27 February 2008 11:26 AM
To: Dwyer, Simon
Subject: RE: [squid-users] Squid, ISA and Sharepoint

Hi all,

I have now been given a rundown on what the company wants to do with the reverse proxy.

Basically they want to serve a sharepoint server via a reverse proxy that will do authentication with AD, Forms authentication and Anon access (guest). They want to do authentication on the proxy and then have the proxy pass the credentials through to sharepoint so they won't have to authenticate again. They are saying ISA will do this fine (have not really looked into it). They want to do the auth on the proxy so that the authentication happens before the connection gets into the internal network.

Will this be possible with Squid, be it 2.6 or 3.0?

Cheers in advance.

Simon Dwyer

-----Original Message-----
From: Dwyer, Simon
Sent: Tuesday, 19 February 2008 8:28 AM
To: 'Kinkie'; Adrian Chadd
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Squid, ISA and Sharepoint

This is the kind of information and insight I was after. Thanks for the ideas guys :)

Simon.

-----Original Message-----
From: Kinkie [mailto:[EMAIL PROTECTED]
Sent: Monday, 18 February 2008 5:38 PM
To: Adrian Chadd
Cc: Dwyer, Simon; squid-users@squid-cache.org
Subject: Re: [squid-users] Squid, ISA and Sharepoint

On Feb 18, 2008 7:37 AM, Adrian Chadd <[EMAIL PROTECTED]> wrote:
> On Mon, Feb 18, 2008, Dwyer, Simon wrote:
>
> > I believe they want to authenticate twice but I do not really see the point.
> > They will have to authenticate with the sharepoint no matter what happens.
> >
> > Is it possible to get squid to authenticate a user using Active Directory
> > while reverse proxying?
>
> I'm not sure if Squid can do NTLM authentication as an origin server.
> I know it can just pass through the requests and let the sharepoint server
> do authentication.
>
> Henrik? Robert? Kinkie?

It should work just fine, there's nothing in the code that I remember preventing it. The only way to be sure is "just trying" :)

Authenticating in NTLM over the Internet however is, in my opinion, pointless and even dangerous - even Microsoft recommends against it (or at least used to). It allows anyone on the Internet to mount a wide range of DOS attacks against AD - I'm not talking about a performance DOS, what I'm referring to is the possibility to lock one (or all) users out of logging on their PC.

--
/kinkie