Re: [squid-users] Restricting access to users logging onto windows domain from Tejpal Amin on 2009-09-01 (squid-users)

From: Tejpal Amin <tejpal.amin_at_gmail.com>
Date: Wed, 2 Sep 2009 11:07:12 +0530

Hi Amos,

You are correct, the NTLM auth is working in my configuration, the
problem I have is that the users not logged onto the domain get a pop
up window for authentication. These users can use valid credentials
and access the site (eventhough they don't login to the domain).
My aim is that the users not logging onto the domain should not be
getting this authentiction Window , this will stop them from accessing
the internet even if they have valid credentials.

Regards
Tej

On Wed, Sep 2, 2009 at 5:36 AM, Amos Jeffries<squid3_at_treenet.co.nz> wrote:
> On Tue, 1 Sep 2009 17:07:52 +0530, Tejpal Amin <tejpal.amin_at_gmail.com>
> wrote:
>> AMos,
>>
>> I tried putting this line in the conf file but it did not work.
>>
>> My aim is to stop users not logging onto my AD domain from accessing
>> the internet.
>> I have configured NTLM authentication for my squid but the issue is
>> teh users not logging onto teh domain get a prompt for authentication.
>>
>> There should be no way of accessing teh internet for non domain users.
>>
>
> Which is exactly what that line I gave you does.
>
> I assume when you said "squid throws up an authentication dialog box" that
> you already had authentication working. This line replaces whatever you
> currently have doing "deny !auth" in your config and causing the dialog box
> to appear. The 'all' at the end of the line prevents the dialog being
> requested by Squid.
>
> Amos
>
>
>> Regards
>> Tej
>>
>> On Tue, Sep 1, 2009 at 2:54 PM, Amos Jeffries<squid3_at_treenet.co.nz>
> wrote:
>>> Tejpal Amin wrote:
>>>>
>>>> HI,
>>>>
>>>> I have a squid proxy which uses NTLM authentication for authenticating
>>>> users.
>>>>
>>>> I would like to restrict access only to users logging onto domain for
>>>> the other users it should deny access.
>>>> The problem I am facing is that for machines that are not joined to
>>>> windows domain, the squid throws up an authentication dialog box.
>>>
>>> So you require authentication to use the proxy, but do not want Squid to
>>> notify the browsers about this critical requirement?
>>>
>>>
>>> http_access deny !auth all
>>>
>>> Where "auth" is whatever ACL name you have in your squid.conf to test
>>> authentication.
>>>
>>>
>>> Amos
>>> --
>>> Please be using
>>> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>>> Current Beta Squid 3.1.0.13
>>>
>
Received on Wed Sep 02 2009 - 05:37:19 MDT

This archive was generated by hypermail 2.2.0 : Mon Sep 07 2009 - 12:00:02 MDT