Squid NTLM passthrough to parent ISA
I've tried for a few days now to get my squid configuration to work with a parent ISA server using NTLM. I've read through a lot of really good threads on edugeek and elsewhere to get it this far, but I just can't get the authentication to work.
Initial installation seemed to go OK. Samba and winbind appear to work.
However, when I request a page in a browser, I get 3 pop-up boxes asking for user / password.
squid access.log shows:
1206709266.220 7 <source IP> TCP_denied/407 2287 GET http://www.google.co.uk/ - NONE/- text/html
After 3 retries of putting in a user/password (and I was hoping it wouldn't prompt at all) I then get an error page from the parent proxy:
HTTP 407 Proxy Authentication Required - The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. (12209)
Internet Security and Acceleration Server
ISA Server: ISA.<domain>
Via: 1.0 UBFW.<domain>:3128 (squid/2.6.STABLE14)
checking the trust secret via RPC calls succeeded
net ads status -U <username>
Outputs a lot of information about the squid host from AD
My squid.conf contains:
cache_peer servername parent 8080 0 default no-query login=PASS
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
authenticate_ttl 180 seconds
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
acl ntlm_users proxy_auth REQUIRED
http_access allow ntlm_users
If I change the parent proxy address to that of another Linux box I have here running NTLMAPS, the request goes through and I can browse.
So I must be getting something really wrong with my squid.conf as far as the authentication side goes. :confused:
I've tried specifying a user/password on the cache_peer line and that didn't work either. I still got prompted at the client, and it still failed.
Any help appreciated, getting a bit fed up!
Ubuntu server 7.10
NTLM_AUTH Version 3.0.26a