Re: [squid-users] Exclude embedded applications from ntlm auth

The place to start is to grab a wireshark/ethereal trace of the embedded
player to see exactly whats going on.

Yes you can use ACLs based on request URL but I think mime type requires
the reply to be seen and it might be difficult to enforce authentication.
Henrik will know better.

Adrian

On Fri, Dec 07, 2007, Olsson, Mattias wrote:
>
> Hello!
>
> I have a cluster of Squid servers integrated with my AD. IE and Firefox
> is working most of the time. My biggest problem is that Windows Media
> Player, Quicktime and other embedded players fails to auth against the
> AD automaticly. I get a popup requesting my usename/password. This is
> enoying and it will not work with our PKI2 cards. I dont know if its
> possible to solve this problem with embedded players failing against
> Squid/Kerberos/AD, so i was hoping for an work around meanwhile.
>
> First, can it be done? Having embedded players automatically auth
> against the AD...
>
> If not, is it possible to make an exclution acl within squid? Maby on
> mime type or application type / sort of traffic?
>
> This is how i have configured squid, if you are comming from the
> internal lan you have to auth...
>
>
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 10
> auth_param basic program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Proxy Server AUTH
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
> authenticate_cache_garbage_interval 10 seconds
>
> acl MYNET proxy_auth REQUIRED src 192.168.0.0/255.255.0.0
> http_access allow MYNET
>
> Thanks for any kind of help!
>
>
> Mvh / Kind regards
>
> Mattias Olsson
>
> Siemens AB
> IT Solutions and Services AB
>
> SE-171 95 Solna
> Sweden
>
> P: +46 8 730 6573 M:+46 70 629 1071
> **************************************'******

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -