]>
Commit | Line | Data |
---|---|---|
bc25525a AJ |
1 | .if !'po4a'hide' .TH ntlm_sspi_auth.exe 8 |
2 | . | |
3 | .SH NAME | |
4 | .if !'po4a'hide' .B ntlm_sspi_auth.exe | |
5 | .if !'po4a'hide' \- | |
6 | Native Windows NTLM/NTLMv2 authenticator for Squid with | |
7 | automatic support for NTLM NEGOTIATE packets. | |
8 | .PP | |
9 | Version 1.22 | |
10 | . | |
11 | .SH SYNOPSIS | |
12 | .if !'po4a'hide' .B ntlm_sspi_auth.exe | |
13 | .if !'po4a'hide' .B "[\-dhv] [\-A " | |
14 | Group Name | |
15 | .if !'po4a'hide' .B "] [\-D " | |
16 | Group Name | |
17 | .if !'po4a'hide' .B "]" | |
18 | . | |
19 | .SH DESCRIPTION | |
20 | .B ntlm_sspi_auth.exe | |
21 | is an installed binary built on Windows systems. It provides native access to the | |
22 | Security Service Provider Interface of Windows for authenticating with NTLM / NTLMv2. | |
23 | It has automatic support for NTLM NEGOTIATE packets. | |
24 | . | |
25 | .SH OPTIONS | |
26 | .if !'po4a'hide' .TP 12 | |
27 | .if !'po4a'hide' .B \-d | |
28 | Write debug info to stderr. | |
29 | .if !'po4a'hide' .B \-h | |
30 | Display the binary help and command line syntax info using stderr. | |
31 | .if !'po4a'hide' .B \-v | |
32 | Enables verbose NTLM packet debugging. | |
33 | .if !'po4a'hide' .B \-A | |
34 | Specify a Windows Local Group name allowed to authenticate. | |
35 | .if !'po4a'hide' .B \-D | |
36 | Specify a Windows Local Group name which is to be denied authentication. | |
37 | . | |
38 | .SH CONFIGURATION | |
39 | .PP Allowing Users | |
40 | .PP | |
41 | Users that are allowed to access the web proxy must have the Windows NT | |
42 | User Rights "logon from the network". | |
43 | .PP | |
44 | Optionally the authenticator can verify the NT LOCAL group membership of | |
45 | the user against the User Group specified in the Authenticator's command | |
46 | line. | |
47 | .PP | |
48 | This can be accomplished creating a local user group on the NT machine, | |
49 | grant the privilege, and adding users to it, it works only with MACHINE | |
50 | Local Groups, not Domain Local Groups. | |
51 | .PP | |
52 | Better group checking is available with External Acl, see mswin_check_group | |
53 | documentation. | |
54 | .PP | |
55 | .B squid.conf | |
56 | typical minimal required changes: | |
57 | .if !'po4a'hide' .RS | |
58 | .if !'po4a'hide' auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe | |
59 | .if !'po4a'hide' auth_param ntlm children 5 | |
60 | .if !'po4a'hide' | |
61 | .if !'po4a'hide' acl password proxy_auth REQUIRED | |
62 | .if !'po4a'hide' | |
63 | .if !'po4a'hide' http_access allow password | |
64 | .if !'po4a'hide' http_access deny all | |
65 | . | |
66 | .PP Refer to Squid documentation for more details. | |
67 | . | |
68 | .PP | |
69 | Internet Explorer has some problems with | |
70 | .B ftp:// | |
71 | URLs when handling internal Squid FTP icons. | |
72 | The following | |
73 | .B squid.conf | |
74 | ACL works around this when placed before the authentication ACL: | |
75 | .if !'po4a'hide' .RS | |
76 | .if !'po4a'hide' acl internal_icons urlpath_regex -i /squid-internal-static/icons/ | |
77 | .if !'po4a'hide' | |
78 | .if !'po4a'hide' http_access allow our_networks internal_icons | |
79 | . | |
80 | .SH AUTHOR | |
81 | This program was written by | |
82 | .if !'po4a'hide' .I Guido Serassio <guido.serassio@acmeconsulting.it> | |
83 | .PP | |
84 | Based on prior work in by | |
85 | .if !'po4a'hide' .I Francesco Chemolli <kinkie@squid-cache.org> | |
86 | .if !'po4a'hide' .I Robert Collins <lifeless@squid-cache.org> | |
87 | .PP | |
88 | This manual was written by | |
89 | .if !'po4a'hide' .I Guido Serassio <guido.serassio@acmeconsulting.it> | |
90 | .if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org> | |
91 | . | |
92 | .SH COPYRIGHT | |
93 | This program and documentation is copyright to the authors named above. | |
94 | .PP | |
95 | Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+). | |
96 | . | |
97 | .SH QUESTIONS | |
98 | Questions on the usage of this program can be sent to the | |
99 | .I Squid Users mailing list | |
100 | .if !'po4a'hide' <squid-users@squid-cache.org> | |
101 | . | |
102 | .SH REPORTING BUGS | |
103 | Bug reports need to be made in English. | |
104 | See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. | |
105 | .PP | |
106 | Report bugs or bug fixes using http://bugs.squid-cache.org/ | |
107 | .PP | |
108 | Report serious security bugs to | |
109 | .I Squid Bugs <squid-bugs@squid-cache.org> | |
110 | .PP | |
111 | Report ideas for new improvements to the | |
112 | .I Squid Developers mailing list | |
113 | .if !'po4a'hide' <squid-dev@squid-cache.org> | |
114 | . | |
115 | .SH SEE ALSO | |
116 | .if !'po4a'hide' .BR squid "(8), " | |
117 | .if !'po4a'hide' .BR GPL "(7), " | |
118 | .br | |
119 | The Squid FAQ wiki | |
120 | .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq | |
121 | .br | |
122 | The Squid Configuration Manual | |
123 | .if !'po4a'hide' http://www.squid-cache.org/Doc/config/ |