We run squid for some clients that need to access partners' websites
that are set up to authenticate users using NTLM. (At least, we see
their servers passing the following headers

Server: Microsoft-IIS/5.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM

I understand that transparent passthrough authentication will not work
though an HTTP proxy, but what we end up seeing is that users off the
proxy receive a login prompt from the web server and can then
authenticate manually, but users on the proxy simply get an "access
denied" message from the web server and can't view the page - no login
prompt. Is this also related to the NTLM authentication not being
supported, or is there a way we can make it so that users are still
given the login prompt?


Darren Spruell
Sento I.S. Department