Tuesday, November 10, 2009

Squid and NTLM etc..

Hi all,

I've just implimented a Squid3 proxy @ work today, and used ntlm to authenticate back to the cache to provide reporting and filtering.

One thing i did notice that should be changed on a vista based network or 2008 server based network.. or hell, windows7 for that matter, is that vista does not negotiate ntlm v1 by default, which is what squid3 uses as well as linux on whole.

To get around this, create a GPO policy that modifies the client machines to negotiate to ntlm v1 if v2 isnt available. 

Start -> gpedit.msc (run as administrator)
Computer configuration -> Policies->Windows Settings ->Security Settings->Local Policies ->Security Options

Find  "Network Security: LAN MANAGER Authentication Level"
Set it  to "Send LM * NTLM - use NTLMv2 session security if negotiated"