Re: [squid-users] Media players with proxy_auth REQUIRED

From: Adrian Chadd <adrian@dont-contact.us>
Date: Wed, 19 Dec 2007 20:44:31 +0900

Do you have a tcpdump of the failed authentication transactions?

Adrian

On Wed, Dec 19, 2007, Olsson, Mattias wrote:
>
>
> Hallo all!
>
> Im running my squid server with proxy_auth REQUIRED. The Linux server is
> fully integrated with my AD. Samba/Winbind/kerberos all is working
> great. The problem i have is that IE / Windows is automatically
> authenticated against the proxy servers. But embedded players like
> Windows Media Player, Quicktime and others fails to automatically auth.
> I get a popup box where i can enter username / password to auth. If i do
> so, i get authed and i can se the movie ...
>
> The problem is that we are going to remove username/password within the
> AD and just use smartcards. So i need to figure out how to solve this or
> create and acl where i can allowd media sites.
>
> Is it possible to solve the Media Player issue? To have it auth the same
> way as IE?
>
> How can i create an acl that allows some media sites?
>
>
> #From my squid.conf - local networks have to auth.
> acl MYNETWORK proxy_auth REQUIRED src 192.168.0.0/255.255.0.0
> http_access allow MYNETWORK
>
>
> #Tried to do something like this....
> acl NoAUTHsite dstdomain *.domain1.com
> acl NoAUTHsite dstdomain *.domain2.com
> http_access allow NoAUTHsite
>
>
>
>
> #This is from access.log when im trying to view a media link.
>
> 1198061741.907 21 127.0.0.1 TCP_MISS/404 4478 GET
> http://wwwc.aftonbladet.se/special/webbtv/jsp/webbtv.css MYUSERNAME
> DIRECT/192.71.238.83 text/html
> 1198061741.922 58 127.0.0.1 TCP_MISS/200 2586 GET
> http://wwwc.aftonbladet.se/special/webbtv/jsp/webbtv_ad_right.jsp?
> MYUSERNAME DIRECT/192.71.238.83 text/html
> 1198061741.933 0 127.0.0.1 TCP_DENIED/407 2159 GET
> http://www.aftonbladet.se/statistik/instadia/clientstep.js - NONE/-
> text/html
> 1198061741.936 0 127.0.0.1 TCP_DENIED/407 2089 GET
> http://ad.aftonbladet.se/RealMedia/ads/adstream_mjx.ads/www.aftonbladet.
> se/webbtv/noje/1366798459@WTV_Bottom? - NONE/- text/html
> 1198061741.936 0 127.0.0.1 TCP_DENIED/407 1999 GET
> http://qstream-wm.qbrick.com/00862/aftonbladet1/Noje/0712/m0nj071219Cloo
> ney.wmv - NONE/- text/html
> 1198061741.939 0 127.0.0.1 TCP_DENIED/407 1930 GET
> http://wwwc.aftonbladet.se/special/webbtv/jsp/webbtv.css - NONE/-
> text/html
> 1198061741.944 0 127.0.0.1 TCP_DENIED/407 2312 GET
> http://ad.aftonbladet.se/RealMedia/ads/adstream_mjx.ads/www.aftonbladet.
> se/webbtv/noje/1366798459@WTV_Bottom? - NONE/- text/html
> 1198061741.950 0 127.0.0.1 TCP_DENIED/407 2153 GET
> http://wwwc.aftonbladet.se/special/webbtv/jsp/webbtv.css - NONE/-
> text/html
> 1198061741.971 34 127.0.0.1 TCP_MISS/302 451 GET
> http://www.aftonbladet.se/statistik/instadia/clientstep.js MYUSERNAME
> DIRECT/192.71.238.76 text/javascript
> 1198061742.012 68 127.0.0.1 TCP_MISS/200 744 GET
> http://ad.aftonbladet.se/RealMedia/ads/adstream_mjx.ads/www.aftonbladet.
> se/webbtv/noje/1366798459@WTV_Bottom? MYUSERNAME DIRECT/192.71.238.79
> application/x-javascript
> 1198061742.025 13 127.0.0.1 TCP_MISS/302 449 GET
> http://www.aftonbladet.se/statistik/instadia/specials.js MYUSERNAME
> DIRECT/192.71.238.76 text/javascript
> 1198061742.048 2 127.0.0.1 TCP_IMS_HIT/304 331 GET
> http://ad.aftonbladet.se/RealMedia/ads/Creatives/default/empty.gif
> MYUSERNAME NONE/- image/gif
> 1198061742.048 99 127.0.0.1 TCP_MISS/404 5864 GET
> http://wwwc.aftonbladet.se/special/webbtv/jsp/webbtv.css MYUSERNAME
> DIRECT/192.71.238.83 text/html
> 1198061742.062 0 127.0.0.1 TCP_DENIED/407 1888 GET
> http://se1.instadia.net/cgi-bin/gatherfpc? - NONE/- text/html
> 1198061742.069 0 127.0.0.1 TCP_DENIED/407 2111 GET
> http://se1.instadia.net/cgi-bin/gatherfpc? - NONE/- text/html
> 1198061742.083 0 127.0.0.1 TCP_DENIED/407 2086 GET
> http://ad.aftonbladet.se/RealMedia/ads/adstream_mjx.ads/www.aftonbladet.
> se/webbtv/noje/1480941804@WTV_Right? - NONE/- text/html
> 1198061742.085 0 127.0.0.1 TCP_DENIED/407 2008 GET
> http://wwwc.aftonbladet.se/special/webbtv/bilder2/Noje/0712/p1nj071214fi
> lmerny.jpg - NONE/- text/html
> 1198061742.093 1 127.0.0.1 TCP_DENIED/407 2309 GET
> http://ad.aftonbladet.se/RealMedia/ads/adstream_mjx.ads/www.aftonbladet.
> se/webbtv/noje/1480941804@WTV_Right? - NONE/- text/html
> 1198061742.094 0 127.0.0.1 TCP_DENIED/407 2231 GET
> http://wwwc.aftonbladet.se/special/webbtv/bilder2/Noje/0712/p1nj071214fi
> lmerny.jpg - NONE/- text/html
> 1198061742.124 76 127.0.0.1 TCP_MISS/200 655 GET
> http://sifo.aftonbladet.se/data/? MYUSERNAME DIRECT/80.76.145.58
> image/gif
> 1198061742.134 64 127.0.0.1 TCP_MISS/200 478 GET
> http://se1.instadia.net/cgi-bin/gatherfpc? MYUSERNAME
> DIRECT/193.88.187.16 image/gif
> 1198061742.145 50 127.0.0.1 TCP_MISS/200 7394 GET
> http://ad.aftonbladet.se/RealMedia/ads/adstream_mjx.ads/www.aftonbladet.
> se/webbtv/noje/1480941804@WTV_Right? MYUSERNAME DIRECT/192.71.238.79
> application/x-javascript
> 1198061742.154 60 127.0.0.1 TCP_MEM_HIT/200 3957 GET
> http://wwwc.aftonbladet.se/special/webbtv/bilder2/Noje/0712/p1nj071214fi
> lmerny.jpg MYUSERNAME NONE/- image/jpeg
> 1198061742.169 15 127.0.0.1 TCP_MEM_HIT/200 3744 GET
> http://wwwc.aftonbladet.se/special/webbtv/bilder2/Noje/0712/p1nj071213pa
> risNEW.jpg MYUSERNAME NONE/- image/jpeg
> 1198061742.179 9 127.0.0.1 TCP_IMS_HIT/304 347 GET
> http://ad.aftonbladet.se/RealMedia/ads/Creatives/TFSMflashobject.js
> MYUSERNAME NONE/- application/x-javascript
> 1198061742.188 8 127.0.0.1 TCP_IMS_HIT/304 353 GET
> http://ad.aftonbladet.se/RealMedia/ads/Creatives/OasDefault/WTV_unibet_3
> 7742//jubileum_180x560_brakskiva9900267.swf MYUSERNAME NONE/-
> application/x-shockwave-flash
> 1198061742.348 56 127.0.0.1 TCP_MEM_HIT/200 4488 GET
> http://wwwc.aftonbladet.se/special/webbtv/bilder2/Noje/0712/p1nj071212pa
> risinslag.jpg MYUSERNAME NONE/- image/jpeg
> 1198061742.353 5 127.0.0.1 TCP_MEM_HIT/200 4488 GET
> http://wwwc.aftonbladet.se/special/webbtv/bilder2/Noje/0712/p1nj071212pa
> risinslag.jpg MYUSERNAME NONE/- image/jpeg
> 1198061743.180 827 127.0.0.1 TCP_MEM_HIT/200 3434 GET
> http://wwwc.aftonbladet.se/special/webbtv/bilder2/Noje/0712/p1nj071207Br
> ittanskille.jpg MYUSERNAME NONE/- image/jpeg
> 1198061743.185 0 127.0.0.1 TCP_DENIED/407 2023 GET
> http://wwwc.aftonbladet.se/special/webbtv/bilder2/Noje/0712/p1nj071207Br
> ittanskille.jpg - NONE/- text/html
> 1198061743.208 0 127.0.0.1 TCP_DENIED/407 2246 GET
> http://wwwc.aftonbladet.se/special/webbtv/bilder2/Noje/0712/p1nj071207Br
> ittanskille.jpg - NONE/- text/html
> 1198061743.249 0 127.0.0.1 TCP_DENIED/407 2023 GET
> http://wwwc.aftonbladet.se/special/webbtv/bilder2/Noje/0712/p1nj071207Br
> ittanskille.jpg - NONE/- text/html
> 1198061743.257 49 127.0.0.1 TCP_MEM_HIT/200 3434 GET
> http://wwwc.aftonbladet.se/special/webbtv/bilder2/Noje/0712/p1nj071207Br
> ittanskille.jpg MYUSERNAME NONE/- image/jpeg
> 1198061743.265 0 127.0.0.1 TCP_DENIED/407 2246 GET
> http://wwwc.aftonbladet.se/special/webbtv/bilder2/Noje/0712/p1nj071207Br
> ittanskille.jpg - NONE/- text/html
> 1198061743.310 37 127.0.0.1 TCP_MEM_HIT/200 3434 GET
> http://wwwc.aftonbladet.se/special/webbtv/bilder2/Noje/0712/p1nj071207Br
> ittanskille.jpg MYUSERNAME NONE/- image/jpeg
> 1198061743.864 0 127.0.0.1 TCP_DENIED/407 2222 GET
> http://qstream-wm.qbrick.com/00862/aftonbladet1/Noje/0712/m0nj071219Cloo
> ney.wmv - NONE/- text/html
> 1198061744.569 705 127.0.0.1 TCP_MISS/200 4911 GET
> http://qstream-wm.qbrick.com/00862/aftonbladet1/Noje/0712/m0nj071219Cloo
> ney.wmv MYUSERNAME DIRECT/194.14.243.158
> application/vnd.ms.wms-hdr.asfv1
>
>
> Kind regards
>
> //Mattias Olsson

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
Received on Wed Dec 19 2007 - 04:37:27 MST

This archive was generated by hypermail pre-2.1.9 : Tue Jan 01 2008 - 12:00:02 MST