samba - Feb 2004 - authenticating to an NTLM proxy from a Linux http client

Microsoft's proxy server uses NTLM authentication, which I gather provides
non-standard http authentication, so that *nix clients traditionally cannot
use it. The latest mozilla (v1.6) now supports NTLM, so I can at last use it
to surf web. Good for mozilla!

However, any other http client (e.g. wget or Debian's apt-get) is still
stuck, unable to authenticate.

I understand that samba3 is able to provide NTLM authentication, but I can't
see how it could be set up to pass on that authentication to the proxy
server. Samba won't act as an in-between "transparent proxy" that
way, will it?

Likewise, squid can provide NTLM authentication, but again, this won't help
me get through my institution's MS ISA proxy server, will it? So installing
squid on my linux box won't help, it won't act as a go-between in front
of
the real proxy, true?

Is there a solution I've missed? Is there any way samba can be leveraged to
connect to the proxy server?  Or if it really Can't Be Done, could someone
kindly say so and put me out of my misery?

Thanks,

Drew

p.s. please CC: me, I'm not subscribed to this mailing list.

-- 
PGP public key available at http://people.debian.org/~dparsons/drewskey.txt
Fingerprint: A110 EAE1 D7D2 8076 5FE0  EC0A B6CE 7041 6412 4E4A

On Sun, 2004-02-01 at 20:41, Drew Parsons wrote:
> Microsoft's proxy server uses NTLM authentication, which I gather
provides
> non-standard http authentication, so that *nix clients traditionally cannot
> use it. The latest mozilla (v1.6) now supports NTLM, so I can at last use
it
> to surf web. Good for mozilla!
> 
> However, any other http client (e.g. wget or Debian's apt-get) is still
> stuck, unable to authenticate.
> 
> I understand that samba3 is able to provide NTLM authentication, but I
can't
> see how it could be set up to pass on that authentication to the proxy
> server. Samba won't act as an in-between "transparent proxy"
that way, will it?
> 
> Likewise, squid can provide NTLM authentication, but again, this won't
help
> me get through my institution's MS ISA proxy server, will it? So
installing
> squid on my linux box won't help, it won't act as a go-between in
front of
> the real proxy, true?
Correct, squid is not an NTLMSSP client.
> Is there a solution I've missed? Is there any way samba can be
leveraged to
> connect to the proxy server?  Or if it really Can't Be Done, could
someone
> kindly say so and put me out of my misery?
Samba has an NTLMSSP client and server implementation, that can be used
by external programs.  The interface is currently not the best, but you
can call ntlm_auth over stdio to do the job.  (This presumes you wish to
modify the source to wget or apt-get).

This is in Samba 3.0.2, of which we just released rc2.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20040201/ff6fdfb9/attachment.bin