Re: [squid-users] Squid3 reverse proxy ntlm authentication

From: muno <muno_at_uninet.com.br>
Date: Thu, 04 Oct 2012 14:50:07 -0300

The only error I get is:

1349294400.422 429 200.220.102.34 TCP_MISS/401 2171 GET http://warpx.uninet.com.br/ - FIRSTUP_PARENT/200.220.0.103 text/html

AND

349354025.463 0 200.220.102.34 TCP_DENIED/401 4014 GET http://warpx.uninet.com.br/favicon.ico - HIER_NONE/- text/html

Just for my understanding: I need an authenticated browser and
Squid passing credentials. I don't know if the path that I
am trying is correct. Am I correct?

thanks

emilio
----- Original Message -----
From: "E.S. Rosenberg" <esr+squid_at_g.jct.ac.il>
To: muno <muno_at_uninet.com.br>
Cc: Amos Jeffries <squid3_at_treenet.co.nz>, squid-users_at_squid-cache.org
Subject: Re: [squid-users] Squid3 reverse proxy ntlm authentication
Date: Thu, 4 Oct 2012 19:28:19 +0200

> 2012/10/4 muno <muno_at_uninet.com.br>:
> >
> > Thanks Amos, but it doesn't work yet.
> >
> >>
> >> You need an authentication test around about here somewhere
> >> (with any ACL tests for non-auth'd visitors above it).
> >>
> >> acl authenticated proxy_auth REQUIRED
> >>
> >> http_access deny !authenticated
> >
> >
> >
> > Now I get a "Cache Access Denied" message.
> That means you're probably not authenticating.
> Have you looked at cache.log?
> Access.log?
> Are you getting HTTP/417 Proxy auth required?
> Is your client responding properly (you can use wireshark
> to figure that out)? Is winbind working properly (does
> wbinfo -g or -u show all the AD groups/users)?
> Did you configure winbind/samba right? What happens when
> you try to use ntlm_auth from CLI?
> Do you succeed in authenticating (ntlm_auth --username=x
> --domain=y --diagnostics)?
>
> And don't revert to basic over the internet, though NTLM
> is leaky as anything these days it's still less leaky than
> cleartext passwords on the wire (although as far as I
> understand it it's close to cleartext these days).
>
> Hope that helps,
> Eli
> >
> > Any other clue?
> >
> > tks
> >
> > ----- Original Message -----
> > From: Amos Jeffries <squid3_at_treenet.co.nz>
> > To: squid-users_at_squid-cache.org
> > Subject: Re: [squid-users] Squid3 reverse proxy ntlm authentication
> > Date: Fri, 05 Oct 2012 01:17:15 +1300
> >
> >> On 5/10/2012 12:59 a.m., muno wrote:
> >> > Thanks Amos,
> >> >
> >> > I understand the problems and I will analyze the
> >> > alternative, but for a while I need to configure the
> >> > reverse NTLM.
> >> >
> >> >
> >> > My squid version is: squid 3.2.1
> >> >
> >> >
> >> > The configuration file has an http_access allow. Sorry,
> >> > but I forgot to copy!
> >> >
> >> >
> >> > Any suggestion?
> >> >
> >> > tks
> >> >
> >> > ________________________________________________________
> >> > root_at_proxy:/usr/local/squid/etc# more squid.conf
> >> >
> >> <snip>
> >> >
> >> > http_access allow manager localhost
> >> > http_access deny manager
> >> > http_access deny !Safe_ports
> >> > http_access deny CONNECT !SSL_ports
> >>
> >> You need an authentication test around about here somewhere
> >> (with any ACL tests for non-auth'd visitors above it).
> >>
> >> acl authenticated proxy_auth REQUIRED
> >>
> >> http_access deny !authenticated
> >>
> >> > http_access allow localhost
> >> > http_access allow admin
> >> > http_access allow warp
> >> > http_access allow uninet
> >> > http_access allow xymon
> >> > http_access deny all
> >> >
> >>
> >> HTH
> >> Amos
Received on Thu Oct 04 2012 - 17:50:26 MDT
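
Added example, not part of the original thread or of Squid itself: a small parser that shows which hop issued each 401 in the two access.log lines quoted at the top of this message. It assumes Squid's default native log format; the sample lines are the ones from the post with their wrapped URLs rejoined, and the function names are hypothetical.

```python
from typing import NamedTuple

# The two access.log lines from the post (wrapped URLs rejoined, values unchanged).
SAMPLE = [
    "1349294400.422 429 200.220.102.34 TCP_MISS/401 2171 GET "
    "http://warpx.uninet.com.br/ - FIRSTUP_PARENT/200.220.0.103 text/html",
    "349354025.463 0 200.220.102.34 TCP_DENIED/401 4014 GET "
    "http://warpx.uninet.com.br/favicon.ico - HIER_NONE/- text/html",
]

class Entry(NamedTuple):
    client: str
    result: str      # Squid result code, e.g. TCP_MISS or TCP_DENIED
    status: int      # HTTP status sent to the client
    url: str
    user: str        # "-" when no authenticated user name was recorded
    hierarchy: str   # how the request was forwarded, e.g. FIRSTUP_PARENT
    peer: str        # address of the peer contacted, "-" if none

def parse(line: str) -> Entry:
    # Native format: time elapsed client code/status bytes method URL user hier/peer type
    f = line.split()
    if len(f) < 10:
        raise ValueError("not a native-format access.log line: %r" % line)
    result, status = f[3].split("/", 1)
    hierarchy, peer = f[8].split("/", 1)
    return Entry(f[2], result, int(status), f[6], f[7], hierarchy, peer)

def challenge_source(e: Entry) -> str:
    """Say which hop produced an authentication challenge (401 or 407)."""
    if e.status not in (401, 407):
        return "not-an-auth-challenge"
    if "DENIED" in e.result and e.hierarchy == "HIER_NONE":
        return "squid"      # rejected by http_access; the request never left the proxy
    if e.peer != "-":
        return "upstream"   # forwarded to a peer; the 401 was relayed from it
    return "unknown"

if __name__ == "__main__":
    for raw in SAMPLE:
        e = parse(raw)
        print(e.url, e.status, "user=" + e.user, "challenge from:", challenge_source(e))
```

Both entries carry "-" in the user field, so no credentials were accepted on either request; the first 401 was relayed from the parent peer and the second was generated by Squid's own access rules.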
