Re: [squid-users] Deny pre Authentication of Machine-Accounts against squid

From: Amos Jeffries <>
Date: Fri, 24 Aug 2012 19:24:22 +1200

On 24/08/2012 12:38 a.m., Stefan Bauer wrote:
> Dear Developers & Users,
> I'm using squid with negotiate (ntlm+kerberos)
> I recently discovered, that a computer which is member of the corporate domain is able to successfully authenticate against squid and use the proxy even though the local user is not yet logged on.
> We want to deny this and only allow the domain-user to use the proxy after logon. How can we achieve this the best way?

You need to prevent the DC accepting machine accounts being
authenticated from the proxy. Or use group privileges to assign only
user accounts access through the proxy.

But why? the machine needs to do security system updates etc regardless
of who is logged in.

Received on Fri Aug 24 2012 - 07:24:34 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 24 2012 - 12:00:04 MDT