RE: [squid-users] NTLM/Basic Authentication problem with blocked user from Chris & Val Bamber on 2003-02-04 (squid-users)

From: Chris & Val Bamber <dasher@dont-contact.us>
Date: Tue, 4 Feb 2003 21:10:58 -0000

Thanks Henerik,

Does that mean then that my acl lines are OK, I don't need to switch
them ? I just need to add
Other cases to my acl i.e.

Acl UnauthorisedUser proxy_auth MyDomain\BlockedUser
MyDomain\blockeduser BlockedUser blockeduser

Despite the case sensitive issue, it does seem to ignore the case when
using Internet Explorer
On Windows platform. It is only an issue for Netscape on Unix for me.

Thanks
Chris

-----Original Message-----
From: hno@marasystems.com [mailto:hno@marasystems.com] On Behalf Of
Henrik Nordstrom
Sent: 04 February 2003 20:43
To: Chris & Val Bamber
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] NTLM/Basic Authentication problem with
blocked user

You may need to list the user both with and without domain name (the acl
matches the name exacly as typed in the login box).

Also, keep in mind that Squid by default is case sensitive. See the
proxy_auth acl documentation for details.

Regards
Henrik

Chris & Val Bamber wrote:
>
> Hi,
>
> I have implemented NTLM and it works very nice. We have a well Know
> public user on our network which I want to block completely from
> anything.
>
> If the user logs on and launches Internet Explorer then all that is
> presented the Username/logon banner and despite entering the correct
> password the user never gets access.
>
> If I launch Netscape from a UNIX box then basic authentication takes
> over (I am assuming this!) and not NTLM. If I enter the Same
> username/password which is blocked then the user is allowed access!!
>
> My squid.conf file
>
> Acl UnauthorisedUser proxy_auth MyDomain\BlockedUser
> Acl AuthorisedUsers proxy_auth REQUIRED
>
> Http_access deny unauthorisedUser
> Http_access allow AuthorisedUsers
>
> I looked at the FAQ and noticed the following example.
>
> acl USER1 proxy_auth Dick
> acl USER2 proxy_auth Jane
> acl DAY time 06:00-18:00
> http_access allow USER1 DAY
> http_access deny USER1
> http_access allow USER2 !DAY
> http_access deny USER2
>
> Does this mean I should switch allow and deny rules around.
>
> Thanks
> Chris
Received on Tue Feb 04 2003 - 14:11:10 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:14 MST