Re: [squid-users] Certain applications when using NTLM auth

Sure, I was going to do that at my previous mail, but didn't had
access to the Squid box that time.
And by the way: Yes, you got it just right. That's exactly what's happening.

Here's what I've got:

auth_param ntlm program /usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30

acl autentica proxy_auth REQUIRED
acl forbidden url_regex "path_for_list"
acl whitelist dstdomain "path_for_domain_whitelist"
(those are the main ACL's)

http_access allow autentica whitelist
http_access allow autentica !forbidden

Explaining: Basically I have a list of forbidden terms (full of ugly
names and some others) and a domain whitelists (for fake positives).
I allow complete access to the domains in the whitelist and allow
access to all URL's which don't match any term in the forbidden list.

Here's some basic access.log output:

1233688830.613 0 192.168.1.149 TCP_DENIED/407 3189 GET
http://www.osram.com.br/_resources/img/misc/iTop.gif - NONE/-
text/html
1233688830.617 2 192.168.1.149 TCP_IMS_HIT/304 256 GET
http://www.osram.com.br/_resources/img/misc/iTop.gif <username> NONE/-
image/gif

First a HTTP 407, followed by the same requisition, this time authenticated.

And now here's some APT access.log output:

1233662651.716 0 192.168.1.74 TCP_DENIED/407 2451 GET
http://security.debian.org/dists/etch/updates/main/source/Sources.diff/Index
- NONE/- text/html
1233662651.761 0 192.168.1.74 TCP_DENIED/407 2463 GET
http://security.debian.org/dists/etch/updates/contrib/source/Sources.diff/Index
- NONE/- text/html
1233662651.767 0 192.168.1.74 TCP_DENIED/407 2513 GET
http://security.debian.org/dists/etch/updates/main/binary-i386/Packages.gz
- NONE/- text/html
1233662651.773 0 192.168.1.74 TCP_DENIED/407 2525 GET
http://security.debian.org/dists/etch/updates/contrib/binary-i386/Packages.gz
- NONE/- text/html
1233662651.804 0 192.168.1.74 TCP_DENIED/407 2489 GET
http://security.debian.org/dists/etch/updates/main/source/Sources.gz -
NONE/- text/html
1233662651.808 0 192.168.1.74 TCP_DENIED/407 2501 GET
http://security.debian.org/dists/etch/updates/contrib/source/Sources.gz
- NONE/- text/html

As you can see, only 407 answers.

Here's my apt.conf:

Acquire::http::Proxy "http://me:123456@<squidbox_IP>:3128/";

And that's it. I've got no clues at all.

Thanks again for the attention.

Henrique

2009/2/3 James Zuelow <James_Zuelow_at_ci.juneau.ak.us>:
>
>> -----Original Message-----
>> From: Henrique Machado [mailto:henrique.cicuto_at_gmail.com]
>> Sent: Tuesday, 03 February, 2009 03:10
>> To: James Zuelow
>> Cc: squid-users_at_squid-cache.org
>> Subject: Re: [squid-users] Certain applications when using NTLM auth
>>
>> Dear James,
>>
>> Thanks for the attention. Yes, I´m talking about Debian APT Tool =].
>> And I´ve already configured apt.conf so to use the proxy, adding
>> username and password in it, but even so it´s not working, and my
>> proxy keeps returning HTTP 407.
>> Tried creating a user "me" with password "123456" inside my AD domain,
>> and it´s not working as well.
>> Maybe something in my Squid auth configuration, but I´m not sure.
>>
>
> Hmm. So if I understand what's going on correctly -- a normal user can authenticate through the proxy, either automatically with IE or Firefox on a Windows box, or else by providing a username/password for something like Firefox on a Linux box. Correct? If so, then the apt.conf entry should be working.
>
> It is easy to get strange results if the access rules are out of order.
>
> Can you sanitize your rules and post them? And the apt.conf file as well?
>
Received on Tue Feb 03 2009 - 19:25:41 MST