]>
Commit | Line | Data |
---|---|---|
1 | .if !'po4a'hide' .TH ntlm_sspi_auth.exe 8 | |
2 | . | |
3 | .SH NAME | |
4 | ntlm_sspi_auth.exe \- Native Windows NTLM/NTLMv2 authenticator for Squid | |
5 | .PP | |
6 | Version 1.22 | |
7 | . | |
8 | .SH SYNOPSIS | |
9 | .if !'po4a'hide' .B ntlm_sspi_auth.exe | |
10 | .if !'po4a'hide' .B "[\-dhv] [\-A " | |
11 | Group Name | |
12 | .if !'po4a'hide' .B "] [\-D " | |
13 | Group Name | |
14 | .if !'po4a'hide' .B "]" | |
15 | . | |
16 | .SH DESCRIPTION | |
17 | .B ntlm_sspi_auth.exe | |
18 | is an installed binary built on Windows systems. It provides native access to the | |
19 | Security Service Provider Interface of Windows for authenticating with NTLM / NTLMv2. | |
20 | It has automatic support for NTLM NEGOTIATE packets. | |
21 | . | |
22 | .SH OPTIONS | |
23 | .if !'po4a'hide' .TP 12 | |
24 | .if !'po4a'hide' .B \-A | |
25 | Specify a Windows Local Group name allowed to authenticate. | |
26 | . | |
27 | .if !'po4a'hide' .TP | |
28 | .if !'po4a'hide' .B \-d | |
29 | Write debug info to stderr. | |
30 | . | |
31 | .if !'po4a'hide' .TP | |
32 | .if !'po4a'hide' .B \-D | |
33 | Specify a Windows Local Group name which is to be denied authentication. | |
34 | . | |
35 | .if !'po4a'hide' .TP | |
36 | .if !'po4a'hide' .B \-h | |
37 | Display the binary help and command line syntax info using stderr. | |
38 | . | |
39 | .if !'po4a'hide' .TP | |
40 | .if !'po4a'hide' .B \-v | |
41 | Enables verbose NTLM packet debugging. | |
42 | . | |
43 | .SH CONFIGURATION | |
44 | .PP | |
45 | .B Allowing Users | |
46 | .PP | |
47 | Users that are allowed to access the web proxy must have the Windows NT | |
48 | User Rights "logon from the network". | |
49 | .PP | |
50 | Optionally the authenticator can verify the NT LOCAL group membership of | |
51 | the user against the User Group specified in the Authenticator's command | |
52 | line. | |
53 | .PP | |
54 | This can be accomplished creating a local user group on the NT machine, | |
55 | grant the privilege, and adding users to it, it works only with MACHINE | |
56 | Local Groups, not Domain Local Groups. | |
57 | .PP | |
58 | Better group checking is available with external ACL, see | |
59 | .B ext_ad_group_acl.exe | |
60 | documentation. | |
61 | .PP | |
62 | .B squid.conf | |
63 | typical minimal required changes: | |
64 | .if !'po4a'hide' .RS | |
65 | .if !'po4a'hide' .B auth_param ntlm program c:/squid/libexec/ntlm_sspi_auth.exe | |
66 | .if !'po4a'hide' .B auth_param ntlm children 5 | |
67 | .if !'po4a'hide' .br | |
68 | .if !'po4a'hide' .B acl password proxy_auth REQUIRED | |
69 | .if !'po4a'hide' .br | |
70 | .if !'po4a'hide' .B http_access allow password | |
71 | .if !'po4a'hide' .B http_access deny all | |
72 | .if !'po4a'hide' .RE | |
73 | . | |
74 | .PP | |
75 | Refer to Squid documentation for more details. | |
76 | . | |
77 | .PP | |
78 | Internet Explorer has some problems with | |
79 | .B ftp:// | |
80 | URLs when handling internal Squid FTP icons. | |
81 | The following | |
82 | .B squid.conf | |
83 | ACL works around this when placed before the authentication ACL: | |
84 | .if !'po4a'hide' .RS | |
85 | .if !'po4a'hide' .B acl internal_icons urlpath_regex \-i /squid-internal-static/icons/ | |
86 | .if !'po4a'hide' .br | |
87 | .if !'po4a'hide' .B http_access allow our_networks internal_icons | |
88 | .if !'po4a'hide' .RE | |
89 | . | |
90 | .SH AUTHOR | |
91 | This program was written by | |
92 | .if !'po4a'hide' .I Guido Serassio <guido.serassio@acmeconsulting.it> | |
93 | .PP | |
94 | Based on prior work in by | |
95 | .if !'po4a'hide' .I Francesco Chemolli <kinkie@squid-cache.org> | |
96 | .if !'po4a'hide' .I Robert Collins <lifeless@squid-cache.org> | |
97 | .PP | |
98 | This manual was written by | |
99 | .if !'po4a'hide' .I Guido Serassio <guido.serassio@acmeconsulting.it> | |
100 | .if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org> | |
101 | . | |
102 | .SH COPYRIGHT | |
103 | .PP | |
104 | * Copyright (C) 1996-2020 The Squid Software Foundation and contributors | |
105 | * | |
106 | * Squid software is distributed under GPLv2+ license and includes | |
107 | * contributions from numerous individuals and organizations. | |
108 | * Please see the COPYING and CONTRIBUTORS files for details. | |
109 | .PP | |
110 | This program and documentation is copyright to the authors named above. | |
111 | .PP | |
112 | Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+). | |
113 | . | |
114 | .SH QUESTIONS | |
115 | Questions on the usage of this program can be sent to the | |
116 | .I Squid Users mailing list | |
117 | .if !'po4a'hide' <squid-users@lists.squid-cache.org> | |
118 | . | |
119 | .SH REPORTING BUGS | |
120 | Bug reports need to be made in English. | |
121 | See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. | |
122 | .PP | |
123 | Report bugs or bug fixes using http://bugs.squid-cache.org/ | |
124 | .PP | |
125 | Report serious security bugs to | |
126 | .I Squid Bugs <squid-bugs@lists.squid-cache.org> | |
127 | .PP | |
128 | Report ideas for new improvements to the | |
129 | .I Squid Developers mailing list | |
130 | .if !'po4a'hide' <squid-dev@lists.squid-cache.org> | |
131 | . | |
132 | .SH SEE ALSO | |
133 | .if !'po4a'hide' .BR squid "(8), " | |
134 | .if !'po4a'hide' .BR GPL "(7), " | |
135 | .br | |
136 | The Squid FAQ wiki | |
137 | .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq | |
138 | .br | |
139 | The Squid Configuration Manual | |
140 | .if !'po4a'hide' http://www.squid-cache.org/Doc/config/ |