RE: [squid-users] NTLM and everyone has access

Hi all,

I have been tuning my configuration. I am sorry worrying you all, but it now
seems to work fine. Non granted NT users (not belonging to the Internet
group),
now are asked 3 times their pass and then they get any ERROR page.
These users their NT account also is blocked, which is just fine.
If you like to test do not make the same mistake as I did, you need your NT
account to log off (after changing the Internet rights).

I use this configuration now :
auth_param ntlm program /opt/squid/libexec/squid/ntlm_auth domain\BDC
domain\PDC
auth_param ntlm children 8
auth_param ntlm max_challenge_reuses 1
auth_param ntlm max_challenge_lifetime 2 minutes
# Modification: Authenticate to Netscape
auth_param basic program /opt/squid/libexec/squid/msnt_auth
auth_param basic children 5
auth_param basic realm Squid Europe proxy-caching web server
auth_param basic credentialsttl 2 hours

Best Regards

> -----Original Message-----
> From: Chemolli Francesco (USI) [mailto:ChemolliF@GruppoCredit.it]
> Sent: 04 October 2001 13:11
> To: 'Van Bossche Koen'; 'squid-users@squid-cache.org'
> Subject: RE: [squid-users] NTLM and everyone has access
>
>
> > Hi all,
> >
> > I just checked if I could access the internet with NTLM
> > through proxy if I
> > put myself out of the group 'Internet Users' from my NT server.
>
> Squid-NTLM only uses the Domain Controller for authentication.
> Authorization is done via the usual Squid mechanisms.
> In particular, squid knows nothing about NT groups. As long
> as an user validates fine, it's OK by Squid.
>
> --
> /kinkie
>
Received on Thu Oct 04 2001 - 05:51:44 MDT