RE: [squid-users] Problems with NTLM on squid 2.5

Yes, but, how will I define that with acl's?
Since, I tried to put:
acl ntmlac proxy_auth REQUIRED
http_access allow ntmlac
http_access allow all

.. and even than I still cannot use netscape.
Could you please help with config I should change,
to enable it to work?
Or, if ntml challenge fails, it will fall back to basic
auth? (if I enable both in configure script?)

Tnx!

-----Original Message-----
From: Robert Collins [mailto:robert.collins@itdomain.com.au]
Sent: Wednesday, May 23, 2001 12:39 PM
To: Niksa Franceschi; squid-users@squid-cache.org
Subject: Re: [squid-users] Problems with NTLM on squid 2.5

Netscape doesn't support NTLM. What you need to do is configure basic
auth as well. One of the SMB basic helpers will let you get domain user
names from netscape (but there will be a login box).

Rob

----- Original Message -----
From: "Niksa Franceschi" <n.franceschi@vipnet.hr>
To: <squid-users@squid-cache.org>
Sent: Wednesday, May 23, 2001 8:31 PM
Subject: [squid-users] Problems with NTLM on squid 2.5

> Hi!
>
> I've got some problems with Squid 2.5 and NTLM authorization.
> Version I'm testing is squid-head-200105222300
> Authorization on our Domain works OK with IE browsers,
> but, when using Netscape I get lots of errors.
> What happens is, when I try to connect to some sith with netscape
> it asks for username/password. No matter what I enter, browser
> seems to go into 'loop' and try to access that site, while in
access.log
> I get
> XXX.XXX.XXX.XXX (null) - [23/May/2001:11:16:09 +0200] "GET
http://some.site
> HTTP/1.0" 407 1258 TCP_DENIED:NONE
> and this message is entered every time in log, that netscape tries to
> access it (~100-lines per second).
>
> So, how can I make netscape work with NTLM?
> A least, if not work, how can I deny access to web with them, so
> I could force all users to use IE?
> (since every time someone will try to use IE, I'll get few thousands
> of TCP_DENIED lines in log).
>
> I also did try to add after 'http_access allow ntlmusers'
> 'http_access allow all', but still no-go.
>
> This one is rather important thing, since my management wants
> to try to put Micro$oft proxy, instead of squid, since they need
> to have domain users in logs with sites they browse.
> Plz help :)
>
> TIA!
>
Received on Wed May 23 2001 - 04:44:51 MDT