I have integrated Squid running on a gateway Debian machine with an LDAP directory.
I have an acl called ldaplogin for the ldap authentication configured with the right parameters. I also have rules like this using the acl
acl ldaplogin proxy_auth REQUIRED
http_access deny !ldaplogin
http_access allow localnet
http_access deny all
I have iptables redirect port 80 to port 3128 on the gateway machine running squid.
However, the browser running on a laptop which is behind the gateway doesn't ask for password at all. However, if I go to IE & set the IP of the gateway as proxy with port 3128, then in that case the browser asks for username/password.
Is there any way at all to have it working even without setting a proxy in the browser?
Transparent HTTP proxies and proxy authentication don't work well together. The browser doesn't "know" that it's talking to a proxy server (since you're redirecting the traffic below layer 7) and you end up "breaking" sites that need HTTP authentication. (See the squid-cache wiki for some addt'l perspective).
Your best bet to get clients to use the proxy w/o having to manually alter client settings is probably to use a proxy auto-configuration file if you have clients that support it.