[squid-users] Squidnt: wrong error message using mswin_check_lm_group from Reale Marco on 2006-11-17 (squid-users)

From: Reale Marco <Marco.Reale@dont-contact.us>
Date: Fri, 17 Nov 2006 10:25:06 +0100

I use squidnt 2.6 stable 4 on Windows 2003 with Active Directory
Integration

My squid.conf is:
-------------squid.conf--------------
external_acl_type NT_global_group %LOGIN
c:/squid/libexec/mswin_check_lm_group.exe -G -c acl DomainUsers external
NT_global_group "c:/squid/etc/DomainUsers.txt"
acl Proxy_Messengers_yes external NT_global_group Proxy_Messengers_yes
acl Proxy_Internet_Ts external NT_global_group Proxy_Internet_Ts
acl Proxy_All_Open external NT_global_group Proxy_All_Open
acl Proxy_ftp_porn_block_yes external NT_global_group
Proxy_ftp_porn_block_yes

auth_param ntlm children 100
http_access deny Proxy_Internet_Ts !trustedsites
http_access allow enabled
http_access deny porn !Proxy_All_Open
deny_info ERR_PORN_ACCESS_DENIED porn
http_access deny bad_word_content_type !Proxy_ftp_porn_block_yes
!Proxy_All_Open
deny_info ERR_PORN_ACCESS_DENIED bad_word_content_type
http_access deny msnmessenger !Proxy_Messengers_yes !Proxy_All_Open
http_access deny msnweb !Proxy_Messengers_yes !Proxy_All_Open
http_access deny msnit !Proxy_Messengers_yes !Proxy_All_Open
http_access deny BadDest !Proxy_Messengers_yes !Proxy_All_Open
http_access deny rs_deny !rs_allowed
http_access deny ftpblock !Proxy_ftp_porn_block_yes !Proxy_All_Open
http_access allow autorizzati DomainUsers
-------------squid.con--------------

Problem:
As you can see all Domain users (apart members of "Proxy_All_Open")
can't visit porn site and the acl works correctly blocking them but the
error message displayed is always:
"Cache Access Denied.Sorry, you are not currently allowed to
request:from this cache until you have authenticated yourself"
And not
my customized html file ubicated in
C:\squid\share\errors\Italian\ERR_PORN_ACCESS_DENIED

When using ip based rules (in the past...before to using ntlm auth)this
problem there wasn't and my acl was always the same:
http_access deny porn !secmano_ip_no_restriction
deny_info ERR_PORN_ACCESS_DENIED porn

Do someone know what is wrong?
Received on Fri Nov 17 2006 - 02:25:13 MST

This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:03 MST