I've just implemented a Squid3 proxy at work today, and used NTLM to authenticate back to the cache to provide reporting and filtering.
One thing I did notice that should be changed on a Vista-based or Server 2008-based network, or hell, Windows 7 for that matter, is that Vista does not negotiate NTLMv1 by default, which is what Squid3 uses, as well as Linux on the whole.
To get around this, create a GPO that modifies the client machines to negotiate down to NTLMv1 if v2 isn't available.
Start -> gpedit.msc (run as administrator)
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options
Find "Network security: LAN Manager authentication level"
Set it to "Send LM & NTLM - use NTLMv2 session security if negotiated"
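
To confirm what a client actually ended up with after the policy applies, the check below (an added example, not part of the original post) reads the registry value this policy writes, `LmCompatibilityLevel` under the `Lsa` key, and reports whether the machine will send LM/NTLMv1 responses. The function name `Get-LmAuthLevel` is hypothetical.

```powershell
# Added example: report the effective LAN Manager authentication level.
# The "Network security: LAN Manager authentication level" policy is stored
# as the DWORD LmCompatibilityLevel under this key.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Policy text for each level, as shown in the Security Options editor.
$Levels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

function Get-LmAuthLevel {
    param([string]$Path = $LsaKey)

    $item = Get-ItemProperty -Path $Path -Name LmCompatibilityLevel `
                             -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value not set: Vista / Server 2008 and later behave as level 3.
        $level  = 3
        $source = 'OS default (value not set)'
    } else {
        $level  = [int]$item.LmCompatibilityLevel
        $source = 'registry'
    }

    $setting = if ($Levels.ContainsKey($level)) { $Levels[$level] }
               else { "Unknown level $level" }

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        Level             = $level
        Setting           = $setting
        Source            = $source
        # Levels 0-2 let the client send LM and/or NTLMv1 responses.
        SendsLMorNTLMv1   = ($level -lt 3)
        # True when the machine matches the setting chosen in this post.
        MatchesPostPolicy = ($level -eq 1)
    }
}

Get-LmAuthLevel | Format-List
```

Run it after `gpupdate /force` on a client in scope of the GPO; `SendsLMorNTLMv1` is the field to track when inventorying which machines still carry the downgrade.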