Re: [squid-users] Problems while trying to authenticate using NTML

Of course,

######################
auth_param basic program /usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Credit Andorra
auth_param basic credentialsttl 2 hours

auth_param ntlm program /usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off

external_acl_type NT_global_group children=4 %LOGIN
/usr/local/squidNG/libexec/wbinfo_group.pl
acl Internet_HTTP external NT_global_group
"/usr/local/squidNG/etc/usuarios_http"
acl Internet_HTTP_Restringit external NT_global_group
"/usr/local/squidNG/etc/usuarios_http_restringit"
acl Internet_FTP external NT_global_group
"/usr/local/squidNG/etc/usuarios_ftp"
acl Internet_FTP_Restringit external NT_global_group
"/usr/local/squidNG/etc/usuarios_ftp_restringit"
##########################################################

----- Original Message -----
From: Matt Alexander <lowbassman@gmail.com>
Date: Wednesday, November 10, 2004 2:47 pm
Subject: Re: [squid-users] Problems while trying to authenticate using NTML

> Can you send us the part of your squid.conf that's doing the
> authentication?
>
>
> On Wed, 10 Nov 2004 11:49:32 GMT, jamunoz@cast-info.es
> <jamunoz@cast-info.es> wrote:
> > Hello list,
> >
> > I just have compiled, configured and get working squid
> authenticating> against an Active Directory. I have set up what
> groups or users are
> > allowed to concrete resources, and is working well.
> >
> > The tests were done with a Mozilla browser, so everytime I
> started the
> > Mozilla I need to put the username/domain/password in the PopUp. But
> > once I try to do it with Windows the PopUp is still emerging (and
> yes I
> > have configured auth_param ntlm options)
> >
> > Bellow is the captured dialog between the browser and the Squid,
> you can
> > see how "Proxy-Authenticate: NTLM" header is showed to the
> browser, but
> > it is beneath "Proxy-Authenticate: Basic" header; and I suspect
> MSIE so
> > can't handle the NTLM one.
> >
> > Do you know if its possible to change the order that is shown the
> > Proxy-Authenticate headers??
> >
> > GET
> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome>
> HTTP/1.1> Accept: */*
> > Accept-Language: es
> > Accept-Encoding: gzip, deflate
> > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.0)
> > Host: www.microsoft.com
> > Proxy-Connection: Keep-Alive
> > Cookie:
> MC1=GUID=272912df2048ef4c95f806c79e6d07ad&HASH=df12&LV=200411&V=3>
> > HTTP/1.0 407 Proxy Authentication Required
> > Server: squid/2.5.STABLE7
> > Mime-Version: 1.0
> > Date: Wed, 10 Nov 2004 11:35:44 GMT
> > Content-Type: text/html
> > Content-Length: 1383
> > Expires: Wed, 10 Nov 2004 11:35:44 GMT
> > X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
> > Proxy-Authenticate: Basic realm="Andorra"
> > Proxy-Authenticate: NTLM
> > X-Cache: MISS from srvproxy.andorra.ad
> > Proxy-Connection: close
> >
> > Thanks a lot,
> >
> > Agustin
> >
> >
>
>
> --
> Get Firefox!
> http://www.mozilla.org/products/firefox/
>
>
Received on Wed Nov 10 2004 - 07:56:34 MST