[squid-users] Reverse Proxy And Kerberos/NTLM Passthrough

From: Caleb Anthony <[email protected]>
Date: Tue, 6 Feb 2007 18:46:51 -0700

Hello,

I'm having some trouble setting up the latest version of SquidNT
(2.6STABLE9) as a reverse proxy and have it passthrough Kerberos/NTLM
to an IIS 6 web server that is serving pages with "Windows Integrated
Authentication" enabled.

I did find this thread on the mailing list, so I do know that this is
possible with Squid 2.6:

http://www.mail-archive.com/squid-users@squid-cache.org/msg41910.html

Unfortunately, the thread didn't really detail what the final fix was.

The important settings in my squid.conf are as follows:

client and server persistent connections are enabled
no-connection-auth is not set on http_port
connection-auth is set to on on cache_peer
login=PASS is set on cache_peer

The reverse proxy does serve non-windows integrated authentication
pages fine (anonymous pages), and it even served digest pages ok. But
when I load a WIA page, I get prompted for a username and password. If
I supply it with a username and password, it fails.

Any help would be appreciated.

Thanks,

Caleb Anthony
Received on Tue Feb 06 2007 - 18:46:54 MST

This archive was generated by hypermail pre-2.1.9 : Thu Mar 01 2007 - 12:00:01 MST