[squid-users] NTLM auth from Edward Mann on 2002-12-18 (squid-users)

From: Edward Mann <ed.mann@dont-contact.us>
Date: 18 Dec 2002 15:10:21 -0600

I have ntlm auth setup and running. What i am having a problem with is.
Users that are not allowed to go to the Internet get a access denied
page. This is cool, but what i want to happen is when the ntlm fails it
returns a pop up box asking for there username and password. That way
when one of the support staff is at the desk they can log into the
internet without having to log out the user and log in as themselves.
What can i give you to help me get the results that i want?
##
##My config file
##

http_port 3128
cache_dir ufs /data/squid/cache1 100 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
mime_table /etc/squid/mime.conf
cache_mgr ed.mann@cp-direct.com
forwarded_for off
cache_effective_user squid
cache_effective_group squid
ftp_user proxy@cp-direct.com
debug_options ALL,1 28,9
log_fqdn on
unlinkd_program /usr/lib/squid/unlinkd
pid_filename /var/log/squid/squid.pid

auth_param ntlm program /usr/lib/squid/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/lib/squid/wb_auth
auth_param basic children 5
auth_param basic realm ChoicePoint Proxy server
auth_param basic credentialsttl 2 hours

external_acl_type NT_global_group %LOGIN /usr/lib/squid/wb_group
acl FullAccess external NT_global_group internet
http_access allow FullAccess
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

deny_info ERR_ACCESS_DENIED FullAccess
http_access deny all
icon_directory /usr/local/squid/share/icons
error_directory /usr/local/squid/share/errors/English
coredump_dir /var/cache
#ie_refresh on
Received on Wed Dec 18 2002 - 14:10:24 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:08 MST