Re: [squid-users] Problems with NTLM on squid 2.5

From: Robert Collins <robert.collins@dont-contact.us>
Date: Wed, 23 May 2001 20:49:44 +1000

----- Original Message -----
From: "Niksa Franceschi" <n.franceschi@vipnet.hr>
To: <squid-users@squid-cache.org>
Sent: Wednesday, May 23, 2001 8:44 PM
Subject: RE: [squid-users] Problems with NTLM on squid 2.5

> Yes, but, how will I define that with acl's?
> Since, I tried to put:
> acl ntmlac proxy_auth REQUIRED
> http_access allow ntmlac
> http_access allow all
>
> .. and even than I still cannot use netscape.
> Could you please help with config I should change,
> to enable it to work?
> Or, if ntml challenge fails, it will fall back to basic
> auth? (if I enable both in configure script?)

enable both in config script. config a basic auth helper and an ntlm
auth helper.

the proxyauth acls are shared across all auth types.

Rob

> Tnx!
>
>
> -----Original Message-----
> From: Robert Collins [mailto:robert.collins@itdomain.com.au]
> Sent: Wednesday, May 23, 2001 12:39 PM
> To: Niksa Franceschi; squid-users@squid-cache.org
> Subject: Re: [squid-users] Problems with NTLM on squid 2.5
>
>
> Netscape doesn't support NTLM. What you need to do is configure basic
> auth as well. One of the SMB basic helpers will let you get domain
user
> names from netscape (but there will be a login box).
>
> Rob
>
> ----- Original Message -----
> From: "Niksa Franceschi" <n.franceschi@vipnet.hr>
> To: <squid-users@squid-cache.org>
> Sent: Wednesday, May 23, 2001 8:31 PM
> Subject: [squid-users] Problems with NTLM on squid 2.5
>
>
> > Hi!
> >
> > I've got some problems with Squid 2.5 and NTLM authorization.
> > Version I'm testing is squid-head-200105222300
> > Authorization on our Domain works OK with IE browsers,
> > but, when using Netscape I get lots of errors.
> > What happens is, when I try to connect to some sith with netscape
> > it asks for username/password. No matter what I enter, browser
> > seems to go into 'loop' and try to access that site, while in
> access.log
> > I get
> > XXX.XXX.XXX.XXX (null) - [23/May/2001:11:16:09 +0200] "GET
> http://some.site
> > HTTP/1.0" 407 1258 TCP_DENIED:NONE
> > and this message is entered every time in log, that netscape tries
to
> > access it (~100-lines per second).
> >
> > So, how can I make netscape work with NTLM?
> > A least, if not work, how can I deny access to web with them, so
> > I could force all users to use IE?
> > (since every time someone will try to use IE, I'll get few thousands
> > of TCP_DENIED lines in log).
> >
> > I also did try to add after 'http_access allow ntlmusers'
> > 'http_access allow all', but still no-go.
> >
> > This one is rather important thing, since my management wants
> > to try to put Micro$oft proxy, instead of squid, since they need
> > to have domain users in logs with sites they browse.
> > Plz help :)
> >
> > TIA!
> >
>
Received on Wed May 23 2001 - 04:51:15 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:14 MST