Solved

External Proxy NTLM automatic login

Posted on 2011-02-22
16
1,566 Views
Last Modified: 2013-12-08
Hi there,

we have external Proxy on Port :8080.
Everytime Internet Explorer or other Browser is opened Logon message popup.

Especially for Terminal Server User it is anoying.

Is it possible to do automatically login by asp / vbs or java script on browser start ?

Of course we can do one time login and save the login credential, but when temporally accounts are applied the login is required again.

THANKS
Stefan
0
Comment
Question by:darkangel1969
  • 7
  • 7
16 Comments
 
LVL 4

Accepted Solution

by:
fr0nk earned 125 total points
ID: 34950508
Can you configure the proxy to authenticate the computeraccount, regardless which user uses it?
0
 
LVL 76

Expert Comment

by:arnold
ID: 34951761
You could use NTLM, the problem is how you will have have the list of users on the external system?
You could prompt the user on first access and store the response with an expiration  time frame.
0
 

Author Comment

by:darkangel1969
ID: 34952594
I can create a user to login but I dont want to create all users in the company with password policies and changing password every 90 days. This must changed in the external proxy account also.

I like to use one account like user name : internet /  password : internet.

I cant create empty account or username with no password.

For the access it is "only" the login once but for some it is to much. Before it wasnt neccessary and now they wont accept it like this with login.
0
 
LVL 76

Expert Comment

by:arnold
ID: 34952870
Setup a local proxy that will chain to the external proxy and the local will provide the credentials to the external.

An old workstation can easily be setup as a squid proxy.  
0
 

Author Comment

by:darkangel1969
ID: 34953649
Hmm, right now we have AVM ken on one server which should be switched off cause its old and not reliable.
We was looking for a solution without internal proxy but it seems like there is no way to avoid this ...

 ... or anyone have idea maybe to place internet explorer start page with java or vb script to do login to external proxy ?!

Is Squid based on Linux ? May it have antivirus gateway and / or logging ?
0
 
LVL 76

Expert Comment

by:arnold
ID: 34954949
Yes. Linux or you can set it up on windows. Adding additional feature is possible.
0
 

Author Comment

by:darkangel1969
ID: 35398371
Hi,

anyone can give me a hint for configuration on squid parent proxy authentication ?

The parent is also a squid proxy in datacenter of our internet provider.

Thx
   stefan
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 76

Expert Comment

by:arnold
ID: 35400339
Could you explain what you are asking?
Are you asking on how to setup authentication within squid?
0
 

Author Comment

by:darkangel1969
ID: 35402782
I set up squid proxy in our office. Our Internet provider also use squid proxy but need authentication. My question is, how to do NTLM auth to the parent proxy from my squid.

thx
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 375 total points
ID: 35405409
Your NTLM is with your local users.  There is a peer definition within squid which is where you would define that your squid should connect to the upstream peer and provide the credentials to talk to it.

User <=> NTLM authentication to <=> your squid <= peer authentication => upstream squid.
0
 

Author Comment

by:darkangel1969
ID: 35413691
Does anyone have an example configuration file for squid and parent proxy authentication ?!

Stefan
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 375 total points
ID: 35413728
0
 

Author Comment

by:darkangel1969
ID: 35465311
It is squid for Windows 2.7 stable.

In which cases I use NTLM and / or basic and protocol_helper ?
Anyone can give example line for squid.conf ?

Any addional software is needed ?

thx
   stefan
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 375 total points
ID: 35466210
cache_peer <ip/hostname of upstream proxy> parent <peer proxy port> <icp port (3130 default for squid)> [proxy-only login=user:password]

Add the above line to your configuration.

There is no need for additional software.
0
 

Author Closing Comment

by:darkangel1969
ID: 35829377
The solution proposal doesnt solve the real problem.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

I had to do a bit of research to find the answer to this question so I thought I'd share my results.  Due to our outdated mainframe systems, we need to downgrade IE9 to IE8 in order to stay compatible.  We also needed to downgrade Java.  In order to…
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now