Hi,
I am using squid version 2.5 stable 7.
I've just come up against a requirement to get a local Squid
transparent proxy
talking to an upstream ISA server that requires authentication.

The ISA is configured to require "Microsoft Integrated" (NTLM) login
over HTTP.
I add to the squid.conf the following line:

cache_peer 55.0.1.150 parent 33555 0 no-query default login=PASS

I can see NTLM negotiation passes between Client <-> SQUID <-> ISA.
But the NTLM authentication fails (error 407).

I am not sure, but it seems it is because squid changed its ports
during NTLM negotiation with the ISA server, thus, braking the
persistence connection to the ISA server.

I have applied a "connection pinning patch" to support NTLM
negotiation with WWW servers.
This does work for WWW authorization, but, it does not work for proxy
authorization.

1. Am I missing anything?
2. Do I need to do some coding improvement in order to support NTLM for
ISA?
3. Is there is any patch for that?
4. If some coding need be done, can someone give me some guidelines?

Thanks in advance,
Kimel