Sorry to say It didn't work. I tried your 2nd step in "Security" tab
Custom level and set it to 3rd option that is use the login time
credentials for everything.
Then I also changed my settings as described in the squid website. But no luck.
Should I set it to default settings in IE as a last resort.
Thanks in advance
On Sun, Oct 12, 2008 at 8:57 AM, Tanveer Chowdhury
<tanveer.chowdhury_at_gmail.com> wrote:
> Hi, Thanks for your reply.
> I will definitely give it a try today and let you all know.
>
>
> On Thu, Oct 9, 2008 at 5:26 AM, Jeff Gerard <mysubscriptions_at_shaw.ca> wrote:
>> In IE internet options/security, try resetting "Local Intranet" to default
>> settings. There is also an option at the bottom of those custom settings
>> regarding username/passwords. I don't have IE in front of me at the moment
>> so can't say exactly what it says but give the default settings a try. I
>> have had similar issues with Bluecoat and kerberos authentication.
>>
>> HTH...
>>
>> On Tuesday 07 October 2008 23:11:48 Tanveer Chowdhury wrote:
>>> Hi all,
>>>
>>> I have setup NTLM authentication with squid-2.6.STABLE20, samba-3.0.10
>>> and winbind. My purpose is to find the username in both squid and DG
>>> access log which I am getting fine. But the problem is sometimes not
>>> frequest IE prompts a pop up window for authentication and if not
>>> given i.e., pressed cancel then it gives a message like " Cache access
>>> denied". But if you then press Refresh button then it loads again
>>> fine.
>>>
>>> But if you provide the username and password at the login prompt it
>>> also works though. My question is how to STOP this password prompting
>>> pop up window.
>>>
>>> Below is the output of /var/log/squid/cache.log when the password window
>>> prompts
>>>
>>> [2008/09/29 13:39:11, 3] utils/ntlm_auth.c:winbind_pw_check(427)
>>> Login for user [XYZ][testuser]@[PC21] failed due to [Reading winbind
>>> reply failed!]
>>> 2008/09/29 13:39:11| The request GET
>>> http://search.live.com/LS/GLinkPing.aspx?/_1_9SE......
>>>
>>> Below is my NTLM part of squid.conf file
>>>
>>> auth_param ntlm program /usr/bin/ntlm_auth
>>> --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30
>>> auth_param ntlm keep_alive on
>>> auth_param basic program /usr/bin/ntlm_auth
>>> --helper-protocol=squid-2.5-basic auth_param basic children 5
>>> auth_param basic realm Squid proxy-caching web server
>>> auth_param basic credentialsttl 2 hours
>>>
>>> .....
>>> .......
>>> acl manager proto cache_object
>>> acl authenticated_users proxy_auth REQUIRED
>>> acl localhost src 127.0.0.1/255.255.255.255
>>> acl to_localhost dst 127.0.0.0/8
>>>
>>> ...
>>> .....
>>> #Recommended minimum configuration:
>>> #
>>> # Only allow cachemgr access from localhost
>>>
>>> ##http_access deny !Safe_ports
>>> http_access allow manager localhost
>>> http_access deny manager
>>> # Deny requests to unknown ports
>>> #http_access deny !Safe_ports
>>> # Deny CONNECT to other than SSL ports
>>> http_access deny CONNECT !SSL_ports
>>> http_access allow authenticated_users
>>>
>>> # cat /etc/nsswitch.conf
>>> passwd: compat winbind
>>> group: compat winbind
>>> shadow: compat
>>>
>>> hosts: files dns wins
>>> networks: files dns
>>> protocols: db files
>>> services: db files
>>> ethers: db files
>>> rpc: db files
>>>
>>>
>>> # cat /etc/krb5.conf
>>> [logging]
>>> default = FILE:/var/log/krb5libs.log
>>> kdc = FILE:/var/log/krb5kdc.log
>>> admin_server = FILE:/var/log/kadmind.log
>>>
>>> [libdefaults]
>>> default_realm = DOMAIN.COM
>>>
>>> [realms]
>>> DOMAIN.COM = {
>>> default_domain = DOMAIN.COM
>>> kdc = abc.domain.com
>>> kdc = efg.domain.com
>>> kdc = xx.xx.xx.xx
>>> kdc = xx.xx.xx.xx
>>> }
>>>
>>> [domain_realm]
>>> .kerberos.server = DOMAIN.COM
>>
>>
>>
>> --
>>
>> Jeff Gerard
>>
>
Received on Tue Oct 14 2008 - 04:49:16 MDT
This archive was generated by hypermail 2.2.0 : Tue Oct 14 2008 - 12:00:03 MDT