RE: [squid-users] MSN Messenger an wb_ntlmauth

MSN supports authentication?

For me it didn't worked either through basic or NTLM. Contacted MSN support but they didn't reveled the same.

#Finally I created a acl for all the clients required MSN access with their IP address

acl msoft_msn src 10.10.10.10 10.10.10.11

#Create a acl for MSN destination

acl msn dst 207.46.104.20 207.46.110.0/24

#Combined both

http_access allow msoft_msn msn

So that only msn access will not ask for authentication, rest of all as usual.
 
Reg.
Prasanta

-----Original Message-----
From: Claudio Alonso [mailto:cfa71@hotmail.com]
Sent: Thursday, March 20, 2003 7:33 PM
To: GDominguez@mteliza.com.au; squid-users@squid-cache.org
Subject: Re: [squid-users] MSN Messenger an wb_ntlmauth

Hello, George.
Thanks for your answer. Sadly, your suggestion didn't work. This was almost
the same way we had MSN messenger configured here, and changing the
difference didn't work.
I have to say that because of firewall rules, users aren't allowed to access
the external world without a proxy. We made a temporal rule in the firewall
for one user to be able to get out directly (but configured his wks to use
the proxy) and he could connect, but it seems that when messenger realizes
that can't connect through the proxy, tries the direct connection. As you
could expect, when we deleted this rule in the firewall, the user wasn't
able to connect anymore.
I'm pretty sure that the problem is in the configuration file I have in my
squid server. I'll try to figure it out and if I solve it I'll let you know.
Thanks again!
Any additional help would be appreciated.
Kind regards,

--Claudio

>From: "George Dominguez" <GDominguez@mteliza.com.au>
>To: squid-users@squid-cache.org
>Subject: Re: [squid-users] MSN Messenger an wb_ntlmauth
>Date: Thu, 20 Mar 2003 10:08:19 +1100
>
>
>This is just a clue! but this is how we got msn working in the studen's
>lab:
>
>Change the msn connections to HTTP proxy, port 3128, server x.x.x.x
>(open msn messenger window, click Tools, Options, Connections Tab),
>click ok and exit out..
>
>On the desktop, right click Network places, click properties, right
>click Local Area Network, select properties, select TCP/IP protocol,
>select properties, select advanced, click on WINS tab, Click on Enable
>LMHosts lookup. click ok to get out.
>
>make this entry in in the wks hosts file 207.46.104.20
>messenger.hotmail.com #207.46.104.20:1863
>
>Shutdown, restart and login, open MSN messenger, tools, options, ensure
>connections are HTTP proxy, port 3128, server x.x.x.x clickok.
>
>Good luck
>
>Regards
>George
>
>
>
>
> "Claudio Alonso"
> <cfa71@hotmail.co To:
>squid-users@squid-cache.org
> m> cc:
> Subject: Re:
>[squid-users]
>MSN Messenger an wb_ntlmauth
> 19/03/2003 12:50
> PM
>
>
>
>
>
>
>Sorry, I forgot to say...
>I'm using squid-2.5.STABLE1 on a Sun Solaris 8.
>Thanks again,
>
>--Claudio
>
>
> >From: "Claudio Alonso" <cfa71@hotmail.com>
> >To: squid-users@squid-cache.org
> >Subject: [squid-users] MSN Messenger an wb_ntlmauth
> >Date: Wed, 19 Mar 2003 09:55:48 -0300
> >
> >Hello everybody!
> >I finally got squid with wb_ntlmauth working perfectly. Only the
> >users
>that
> >belong to the group InternetSquid (in the Win NT domain) can access
> >the web. But now I need to give some users access to MSN Messenger.
> >If I disable wb_ntlmauth, all the users can use Messenger.
> >If I give some users direct access (I mean IP validation previous to
> >wb_ntlmauth), they can use Messenger.
> >But I need to do it based on the user's group.
> >Besides, if I look at the log file, I see that squid usually gets domain
> >and username from the computers that are accessing with Internet Explorer
> >(and also with Netscape and Mozilla via basic authentication). But when
> >they try to access MSN via MSN Messenger, they don't inform the user data
> >(at least, it doesn't show in the log file). I think Messenger is
>properly
>
> >configured (it's configured with proxy address, username and password),
>so
>
> >the problem may be in my configuration file.
> >Can anybody give me a clue?
> >I'm copying the entries from my squid.conf file.
> >Thanks in advance,
> >
> >--Claudio
> >
> >
> >#squid.conf begins
> >
> >http_port 8080
> >hierarchy_stoplist cgi-bin ?
> >acl QUERY urlpath_regex cgi-bin \?
> >no_cache deny QUERY
> >cache_dir ufs /usr/local/squid/var/cache 100 16 256
> >auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
> >auth_param ntlm children 15
> >auth_param ntlm max_challenge_reuses 0
> >auth_param ntlm max_challenge_lifetime 2 minutes
> >auth_param basic program /usr/local/squid/libexec/wb_auth
> >auth_param basic children 15
> >auth_param basic realm Squid proxy-caching web server
> >auth_param basic credentialsttl 2 hours
> >external_acl_type wbinfo_group %LOGIN
> >/usr/local/squid/libexec/wbinfo_group.pl
> >refresh_pattern ^ftp: 1440 20% 10080
> >refresh_pattern ^gopher: 1440 0% 1440
> >refresh_pattern . 0 20% 4320
> >acl all src 0.0.0.0/0.0.0.0
> >acl manager proto cache_object
> >acl localhost src 127.0.0.1/255.255.255.255
> >acl to_localhost dst 127.0.0.0/8
> >acl SSL_ports port 443 563
> >acl Safe_ports port 80 # http
> >acl Safe_ports port 21 # ftp
> >acl Safe_ports port 443 563 # https, snews
> >acl Safe_ports port 70 # gopher
> >acl Safe_ports port 210 # wais
> >acl Safe_ports port 1025-65535 # unregistered ports
> >acl Safe_ports port 280 # http-mgmt
> >acl Safe_ports port 488 # gss-http
> >acl Safe_ports port 591 # filemaker
> >acl Safe_ports port 777 # multiling http
> >acl CONNECT method CONNECT
> >acl internet-group external wbinfo_group InternetSquid
> >http_access allow manager localhost
> >http_access deny manager
> >http_access deny !Safe_ports
> >http_access deny CONNECT !SSL_ports
> >http_access allow internet-group
> >http_access deny all
> >http_reply_access allow all
> >icp_access allow all
> >visible_hostname SquidProxy
> >coredump_dir /usr/local/squid/var/cache
> >
> >#squid.conf finishes
> >
> >
> >_________________________________________________________________
> >Charla con tus amigos en línea mediante MSN Messenger:
> >http://messenger.yupimsn.com/
> >
>
>
>_________________________________________________________________
>Charla con tus amigos en línea mediante MSN Messenger:
>http://messenger.yupimsn.com/
>
>
>
>
>
>=====================================================
>Privileged/Confidential Information may be contained in this message. If
>you are not the addressee (or responsible for delivery of the message to
>the addressee), you may not copy or deliver this message to anyone. In such
>a case, you should destroy this message and kindly notify the sender by
>reply e-mail. Opinions, conclusions and other information in this message
>that do not relate to the official business of my employer shall be
>understood as neither given nor endorsed by it.
>
>

_________________________________________________________________
Charla con tus amigos en línea mediante MSN Messenger:
http://messenger.yupimsn.com/