Hi Amos,
Thanks for the suggestion.
I guess I would be able to partially validate my client with this approach.
Is there any publicly hosted squid proxy which provides full NTLM authentication that I can make use of?
Regards,
Prashant
----- Original Message ----
From: Amos Jeffries <[email protected]>
To: [email protected]
Sent: Thu, 3 June, 2010 9:55:29 AM
Subject: Re: [squid-users] Squid configuration for NTLM
On Wed, 2 Jun 2010 20:56:42 -0700 (PDT), "Prashant K.S"
<[email protected]> wrote:
> Hi Amos,
>
> One more question.
>
> My primary purpose is to test a NTLM client that I have developed
against
> Linux Squid proxy.
>
> If I cannot configure squid proxy, is there any openly available squid
> proxy that uses NTLM and for which I can register myself and get a user
> name and password which I can use for authentication and test my NTLM
> client.
>
> Regards,
> Prashant
Oh, that is a different prospect.
If you are just testing that the protocol coding etc is valid you can use
the fakeauth NTLM helper:
http://wiki.squid-cache.org/ConfigExamples/Authenticate/LoggingOnly#NTLM_Authentication
It does NTLM challenges with random tokens and validates the client reply
blobs are self-consistent, but does not use any domain to check the coded
password/username actually match valid ones.
If the authentication blobs or connection handling are broken they will
show up with this handler.
If you need deeper checks the that username/token were being transferred
from the client to DC, then you will need a full real domain linkage setup.
Amos
>
> ----- Original Message ----
> From: Prashant K.S <[email protected]>
> To: Amos Jeffries <[email protected]>; [email protected]
> Sent: Thu, 3 June, 2010 9:11:09 AM
> Subject: Re: [squid-users] Squid configuration for NTLM
>
> Hi Amos,
>
> The domain I am talking about is my office network domain and my
computer
> cannot be a part of that domain. Is it possible to host myself a domain
or
> be a part of some domain that is available in open(Not sure how risky is
> it).
>
> Regards,
> Prashant
>
>
>
>
> ----- Original Message ----
> From: Amos Jeffries <[email protected]>
> To: [email protected]
> Sent: Thu, 3 June, 2010 9:05:48 AM
> Subject: Re: [squid-users] Squid configuration for NTLM
>
> On Wed, 2 Jun 2010 20:30:51 -0700 (PDT), "Prashant K.S"
> <[email protected]> wrote:
>> Hi Amos,
>>
>> Thanks for your reply.
>>
>> I want to correct my words. I do have access to some NT domain. But
just
>> that I have the user and password to authenticate against that domain.
> But
>> my computer is not part of that domain. Will I able to achieve NTLM
>> authentication with Squid using this setup. And If yes can you please
> let
>> me know the configuration.
>
> Okay good.
>
> You won't be able to do it without making the proxy a machine account on
> the domain. Apparently the winbindd manual page has details on how the
> Linux machine needs to be configured into the domain.
>
> Details on the Squid and Samba setup can be found here:
> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm
>
> Amos
Received on Thu Jun 03 2010 - 05:11:01 MDT
This archive was generated by hypermail 2.2.0 : Thu Jun 03 2010 - 12:00:04 MDT