Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid and Windows 7/8 browser authentication (negotiate)

    Scheduled Pinned Locked Moved pfSense Packages
    5 Posts 3 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jefft
      last edited by

      Does anyone know how to configure Squid in pfSense to work properly with recent versions of Windows?  At present, I'm testing Squid and SquidGuard but my Windows browsers aren't prompting for credentials and seem to be connecting to the proxy as anonymous.

      From what I can gather after a few too many hours on google, is that Windows 7 doesn't like basic authentication much and would much prefer negotiate or something better.  I found one registry tweak that claimed to make Windows happier with the lesser auth standards, but that doesn't seem to work.

      Try as I might, I've not found any clear guide on how to set up Squid on pfSense to work with higher authentication standards than "basic".  I'd be happy to run it using either the local or the freeRADIUS authentication back-end, but I'd rather avoid making changes to the packaged pfSense system as I don't fancy the risk of an update wiping them out later.

      Any help very much appreciated!

      Thanks,

      Jeff

      1 Reply Last reply Reply Quote 0
      • belleraB
        bellera
        last edited by

        I didn't try this environment but I think your problem is squid + Windows related.

        Google squid win7 win8 user authentication

        Please post your squid version package if you need more help.

        Another thread about Win7 clients, https://forum.pfsense.org/index.php?topic=75003.0

        1 Reply Last reply Reply Quote 0
        • J
          jefft
          last edited by

          Thanks… when I said "after a few too many hours on google", that was one of the many search terms I spent hours trying!  Sadly, I didn't find anything useful - almost all the posts are about either trying to prevent auth popups (I'd be happy to see one!) or authenticating against a Windows domain (I don't run one).

          pfSense 2.1.2-release; Squid Cache: Version 2.7.STABLE9

          I think the two ways out of this are probably (1) teach Windows to live with basic auth and to show the popup for credentials so that the user can enter and then save them; or (2) teach Squid to use one of the higher authentication standards against the local or RADIUS user databases.
          The latter is neater from the client side, but has the problem that it's likely to need custom modules/helpers installed and I'd rather not have a non-standard pfSense setup as that will probably break during an update at some point.

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            Try squid3-dev(read forum tutorials to fetch missing libs) and captive portal authentication integration.

            It's fast and works really nice.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • J
              jefft
              last edited by

              Thanks Marcello, I'll have a look at that. :)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.