Re: [squid-users] SQUID + FIREFOX + ACTIVE DIRECTORY

On Wed, Oct 29, 2008 at 5:16 PM, nairb rotsak <ipguru99_at_yahoo.com> wrote:
> http_access allow all NTLMUsers

Does the 'all' trump the 'NTLMUsers' acl here?

Chris

>
> ----- Original Message ----
> From: Chris Nighswonger <cnighswonger_at_foundations.edu>
> To: nairb rotsak <ipguru99_at_yahoo.com>
> Cc: matlor <bfrobu_at_tin.it>; squid-users_at_squid-cache.org
> Sent: Wednesday, October 29, 2008 9:31:32 AM
> Subject: Re: [squid-users] SQUID + FIREFOX + ACTIVE DIRECTORY
>
> On Wed, Oct 29, 2008 at 10:23 AM, nairb rotsak <ipguru99_at_yahoo.com> wrote:
>> I am totally confused by this statement?.. as I have 300 people using firefox right now.. using Ubuntu 6.06, Samba3, Squid2.. and not a single one gets a user/pass prompt? I am not using it as a transparent proxy, it is listed in firefox under proxy settings (8080 because it goes to DG first.. but I have tested just Squid at 3128 and it works as well).. and I haven't touched anything else in firefox
>
>
> I'd be very interested in knowing what is different about your setup.
> I have fought this problem for several years now.
>
>
>>
>>
>>
>> ----- Original Message ----
>> From: Chris Nighswonger <cnighswonger_at_foundations.edu>
>> To: matlor <bfrobu_at_tin.it>
>> Cc: squid-users_at_squid-cache.org
>> Sent: Wednesday, October 29, 2008 8:48:39 AM
>> Subject: Re: [squid-users] SQUID + FIREFOX + ACTIVE DIRECTORY
>>
>> On Tue, Oct 28, 2008 at 6:18 AM, matlor <bfrobu_at_tin.it> wrote:
>>>
>>> I have configured squid with winbind integrated in the active directory of a
>>> windows 2003 domain.
>>> If I browse internet trough IE 7 everething is ok, no user and password
>>> prompted, because of the common login. While, if I open Firefox (2 or 3
>>> version), it prompts for user and password.
>>
>> One other note: While FF does support NTLM, it does not do transparent
>> auth as IE does. Hence the prompting for username/password.
>> Furthermore, due to M$ having a broken implementation of NTLM, FF will
>> at times repeatedly prompt ad infinitum. There is an open bug on this
>> at Mozilla, (https://bugzilla.mozilla.org/show_bug.cgi?id=318253) but
>> action on it is understandably slow. You can mess with FF's NTLM
>> related settings under 'about:config' to gain some respite. You can
>> also run a basic auth that authenticates against NTLM which for some
>> reason seems to avoid the multi-prompt issue. Something like:
>>
>> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
>> auth_param basic children 2
>> auth_param basic realm somerealm
>> auth_param basic credentialsttl 2 hours
>> auth_param basic casesensitive off
>>
>> Regards,
>> Chris
>>
>>
>>
>>
>>
>
>
>
>
>

-- 
Christopher Nighswonger
Faculty Member
Network & Systems Director
Foundations Bible College & Seminary
www.foundations.edu
www.fbcradio.org
-------------
NOTICE: The information contained in this electronic mail message is
intended only for the use of the intended recipient, and may also be
protected by the Electronic Communications Privacy Act, 18 USC
Sections 2510-2521. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited.
If you have received this communication in error, please reply to the
sender, and delete the original message. Thank you.