Hello All, SETUP: I am running squid-2.5.STABLE3 on RH7.3 (2.4.18-4) in a network environment that also contains a Windows 2000 domain as well as a number of Linux machines.
REQUIREMENTS: I wish to set up Squid so that it requires authentication. I want Squid to support NTLM (for any MSIE user agents) and BASIC (for any other user agents). I posted a similar question here (http://www.squid-cache.org/mail-archive/squid-users/200311/0682.html) One of the responses that I received was from Henrik and read: "Squid always challenges using all configured authentication schemes. It is the client who selects the most suitable scheme to use. What this means is that this "fallback" should be automatic. User-agents who support NTLM will use NTLM, others will use Basic (or Digest if configured and supported by the user-agent)." This confused me as I had read the following in the Squid FAQ (read it for yourself here: http://www.squid-cache.org/Doc/FAQ/FAQ-23.html - ss23.1 ): "although currently you can only use one scheme at a time." According to my interpretation of Henrik's response I should be able to meet my requirements by configuring Squid with the following options: ./configure --prefix=/usr/local/squid --enable-auth="ntlm,basic" \ --enable-ntlm-auth-helpers="SMB" --enable-basic-auth-helpers="NCSA" \ --enable-ntlm-fail-open Then all I should need to do is configure the following directives in squid.conf: auth_param ntlm program /usr/local/squid/libexec/ntlm_auth MYDOMAIN/pdcbox auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/.passwd auth_param basic children 5 auth_param basic realm My Company LAN auth_param basic credentialsttl 2 hours acl people proxy_auth REQUIRED http_access allow people http_access deny all I also have the following directive configured. cache_peer 165.228.128.10 parent 3128 0 no-query default Have I got it right? Did I miss any required compilation options or directives? Can someone please comment? Thank you, Matthew Richards