AW: [squid-users] disable ntlm_auth for java from Hitzler, Siegfried \(Exchange\) on 2006-09-28 (squid-users)

From: Hitzler, Siegfried \(Exchange\) <shitzler@dont-contact.us>
Date: Thu, 28 Sep 2006 14:34:28 -0000

Yes, that was what I read and implemented. But it didn't work ... ... until
now !!! :D

That was also my second thought - The order in the file!

I placed the files before this acl and now it works !
acl ACLAUTH proxy_auth REQUIRED

Squid config looks something like this:
--------------------------
acl Java browser Java/1.4 Java/1.5
acl Windows-Update dstdomain .microsoft.com .windowsupdate.com
http_access allow Java
http_access allow Windows-Update

acl usrauth proxy_auth REQUIRED
acl DenyWindowsGroups external Domain_Group "/etc/squid/DeniedWindowsGroups"

acl otatwrk src xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
acl local-servers dstdomain DOMAINSUFFIX
....
....
....
--------------------------

Thanks for your help!

Have a nice day ;)

-----Ursprüngliche Nachricht-----
Von: Andre Fernando Goldacker [mailto:squid@teka.com.br]
Gesendet: Donnerstag, 28. September 2006 15:42
An: squid-users@squid-cache.org
Cc: Hitzler, Siegfried (Exchange)
Betreff: Re: [squid-users] disable ntlm_auth for java

Hello!

I had the same problem and I did the same thing you are thinking about.
I bypassed authentication for java stuff. I've read many things including
the sun knowledge base and there are many issues regarding authentication
with the jvm, especially with ntlm!
You can solve this by creating an acl like this:
acl java_jvm browser Java/1.4 Java/1.5
http_access allow java_jvm

Remember to keep it in front of any http_access lines regarding
authentication, otherwise it won't work.

I haven't worked out the windows update issue since I only do it in my
servers and when I do I make a NAT rule in my firewall, but I think it has
something to do with 443 port (ssl).

Cheers,

André

Hitzler, Siegfried (Exchange) wrote:
> Hello,
>
> We authenticate our users over ntlm_auth. The problem is if the load a
> Java-Applet which is implemented on a Secure Site (www.netbanking.at),
> Java pops up a Windows and force the users to enter their username,
> password and domain to load the Applet. Is there a way to disable
> authentication for Java-Applets or for some sites?
>
> Same shit on Windows Update Site. Site is searching for needing
> updates when suddenly an error apears.
>
> authentication lines in squid.conf looks something like this:
>
> auth_param ntlm program /usr/lib/squid/ntlm_auth DOMAIN/PDC auth_param
> ntlm children 10 auth_param ntlm max_challenge_lifetime 2 minutes
>
> Would be realy greate if somebody can help me out of this problem!
>
> Thanks and best regards
>
> Siegfried
>
>
>
Received on Thu Sep 28 2006 - 08:34:41 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Oct 01 2006 - 12:00:04 MDT