RE: [squid-users] NTLM authentication error when using wb_group

From: Jairo.Castañeda <Jairo.Castaneda@dont-contact.us>
Date: Thu, 16 Jan 2003 11:31:26 -0500

That would be OK if my network were small. However, that's not the
case. There are 1400 users, so I need to use filters based on NT groups.

-----Original Message-----
From: Mohsin Khan [mailto:aaghaz00@yahoo.com]
Sent: Wednesday, January 15, 2003 11:04 p.m.
To: Jairo.Castañeda
Subject: Re: [squid-users] NTLM authentication error when using wb_group

A-o-a

Well, if you are using NTLM and you want specific users
to surf the internet, just put the users' names in a file
and make an ACL accordingly.

--- Jairo.Castañeda <Jairo.Castaneda@siemens.com> wrote:
> I've got a Linux RH 7.2 box running squid 2.5stable1 with NTLM
> authentication implemented as well, which is working fine. So far so good...
>
> However, I want to allow web access only to users belonging to an NT group
> (called internet). In an earlier e-mail I was told to use the wb_group
> external_acl helper, which I did, so I added the following lines to the
> squid.conf file:
>
> -- external_acl_type NT_global_group %LOGIN /usr/local/squid/libexec/wb_group
> -- acl ProxyUsers external NT_global_group internet
> -- acl AuthorizedUsers proxy_auth REQUIRED
>
> My rules look like this:
> http_access allow AuthorizedUsers ProxyUsers
> http_access deny all
>
> With this setup every time I tried to surf I get the following error:
> "Access Denied.
> Access control configuration prevents your request from being allowed at
> this time. Please contact your service provider if you feel this is
> incorrect."
>
> From the access.log
> "1042667330.327 10 xxx.xxx.148.xxx TCP_DENIED/407 1762 GET http://www.cromos.com.co/ - NONE/- text/html
> 1042667330.367 16 xxx.xxx.148.xxx TCP_DENIED/407 1770 GET http://www.cromos.com.co/ - NONE/- text/html
> 1042667330.394 25 xxx.xxx.148.xxx TCP_DENIED/403 1407 GET http://www.cromos.com.co/ vebogx101a\castanedaj NONE/- text/html"
>
> If I remove "ProxyUsers" from the http_access rule, my NTLM scheme works
> again (only authenticated users can surf the web).
>
> What could be missing? Any ideas?
>
> Jairo Castañeda

=====
Regards,
Mohsin Khan
CCNA ( Cisco Certified Network Associate 2.0 )

>>>Happy is the who can smile<<<

Received on Thu Jan 16 2003 - 09:29:32 MST
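
An added triage example, not part of the original thread: in the access.log excerpt quoted above, the two 407 lines carry no user name (the NTLM challenge round trips) while the 403 line carries one, so authentication completed and the request was refused by the access rules. The sketch below separates those two cases in Squid's native log layout; the sample lines, addresses and user names are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample in Squid's native access.log layout, mirroring the
# 407, 407, 403 sequence quoted in the thread (addresses and users are made up).
SAMPLE_LOG = r"""
1042667330.327 10 192.0.2.10 TCP_DENIED/407 1762 GET http://www.example.com/ - NONE/- text/html
1042667330.367 16 192.0.2.10 TCP_DENIED/407 1770 GET http://www.example.com/ - NONE/- text/html
1042667330.394 25 192.0.2.10 TCP_DENIED/403 1407 GET http://www.example.com/ EXAMPLE\alice NONE/- text/html
1042667331.100 80 192.0.2.11 TCP_MISS/200 5120 GET http://www.example.com/ EXAMPLE\bob DIRECT/198.51.100.7 text/html
"""

def parse_line(line):
    """Split one native-format line into the fields used below, or None."""
    f = line.split()
    if len(f) < 10:
        return None
    action, _, status = f[3].partition("/")
    if not status.isdigit():
        return None
    return {"client": f[2], "action": action, "status": int(status),
            "url": f[6], "user": None if f[7] == "-" else f[7]}

def classify(entry):
    """Separate authentication challenges from authorization denials."""
    if entry["action"] != "TCP_DENIED":
        return "allowed"
    if entry["status"] == 407 and entry["user"] is None:
        return "auth_challenge"   # expected NTLM negotiate/challenge replies
    if entry["status"] == 403 and entry["user"]:
        return "authz_denied"     # user is known, http_access still refused
    return "other_denied"

def entries(log_text):
    """Yield parsed entries, skipping blank or malformed lines."""
    for line in log_text.strip().splitlines():
        entry = parse_line(line)
        if entry:
            yield entry

def summary(log_text):
    """Count log entries per class."""
    counts = defaultdict(int)
    for entry in entries(log_text):
        counts[classify(entry)] += 1
    return dict(counts)

def denied_after_auth(log_text):
    """Return {user: [urls]} for requests refused after successful login."""
    denied = defaultdict(list)
    for entry in entries(log_text):
        if classify(entry) == "authz_denied":
            denied[entry["user"]].append(entry["url"])
    return dict(denied)

if __name__ == "__main__":
    print(summary(SAMPLE_LOG))
    print(denied_after_auth(SAMPLE_LOG))
```

Users listed by `denied_after_auth` authenticated correctly, so the place to look is the ACL side (here, the external group helper and the `http_access` rules), not the NTLM setup.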

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:41 MST