1 .if !'po4a'hide' .TH ntlm_sspi_auth.exe 8
4 ntlm_sspi_auth.exe \- Native Windows NTLM/NTLMv2 authenticator for Squid
9 .if !'po4a'hide' .B ntlm_sspi_auth.exe
10 .if !'po4a'hide' .B "[\-dhv] [\-A "
12 .if !'po4a'hide' .B "] [\-D "
14 .if !'po4a'hide' .B "]"
18 is an installed binary built on Windows systems. It provides native access to the
19 Security Service Provider Interface of Windows for authenticating with NTLM / NTLMv2.
20 It has automatic support for NTLM NEGOTIATE packets.
23 .if !'po4a'hide' .TP 12
24 .if !'po4a'hide' .B \-A
25 Specify a Windows Local Group name allowed to authenticate.
28 .if !'po4a'hide' .B \-d
29 Write debug info to stderr.
32 .if !'po4a'hide' .B \-D
33 Specify a Windows Local Group name which is to be denied authentication.
36 .if !'po4a'hide' .B \-h
37 Display the binary help and command line syntax info using stderr.
40 .if !'po4a'hide' .B \-v
41 Enables verbose NTLM packet debugging.
47 Users that are allowed to access the web proxy must have the Windows NT
48 User Rights "logon from the network".
50 Optionally the authenticator can verify the NT LOCAL group membership of
51 the user against the User Group specified in the Authenticator's command
54 This can be accomplished creating a local user group on the NT machine,
55 grant the privilege, and adding users to it, it works only with MACHINE
56 Local Groups, not Domain Local Groups.
58 Better group checking is available with external ACL, see
59 .B ext_ad_group_acl.exe
63 typical minimal required changes:
65 .if !'po4a'hide' .B auth_param ntlm program c:/squid/libexec/ntlm_sspi_auth.exe
66 .if !'po4a'hide' .B auth_param ntlm children 5
68 .if !'po4a'hide' .B acl password proxy_auth REQUIRED
70 .if !'po4a'hide' .B http_access allow password
71 .if !'po4a'hide' .B http_access deny all
75 Refer to Squid documentation for more details.
78 Internet Explorer has some problems with
80 URLs when handling internal Squid FTP icons.
83 ACL works around this when placed before the authentication ACL:
85 .if !'po4a'hide' .B acl internal_icons urlpath_regex \-i /squid-internal-static/icons/
87 .if !'po4a'hide' .B http_access allow our_networks internal_icons
91 This program was written by
92 .if !'po4a'hide' .I Guido Serassio <guido.serassio@acmeconsulting.it>
94 Based on prior work in by
95 .if !'po4a'hide' .I Francesco Chemolli <kinkie@squid-cache.org>
96 .if !'po4a'hide' .I Robert Collins <lifeless@squid-cache.org>
98 This manual was written by
99 .if !'po4a'hide' .I Guido Serassio <guido.serassio@acmeconsulting.it>
100 .if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org>
104 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
106 * Squid software is distributed under GPLv2+ license and includes
107 * contributions from numerous individuals and organizations.
108 * Please see the COPYING and CONTRIBUTORS files for details.
110 This program and documentation is copyright to the authors named above.
112 Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
115 Questions on the usage of this program can be sent to the
116 .I Squid Users mailing list
117 .if !'po4a'hide' <squid-users@squid-cache.org>
120 Bug reports need to be made in English.
121 See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
123 Report bugs or bug fixes using http://bugs.squid-cache.org/
125 Report serious security bugs to
126 .I Squid Bugs <squid-bugs@squid-cache.org>
128 Report ideas for new improvements to the
129 .I Squid Developers mailing list
130 .if !'po4a'hide' <squid-dev@squid-cache.org>
133 .if !'po4a'hide' .BR squid "(8), "
134 .if !'po4a'hide' .BR GPL "(7), "
137 .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
139 The Squid Configuration Manual
140 .if !'po4a'hide' http://www.squid-cache.org/Doc/config/
projects / thirdparty / squid.git / blob