Re: [squid-users] Squid3 reverse proxy ntlm authentication

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 05 Oct 2012 14:36:25 +1300

On 5/10/2012 6:28 a.m., E.S. Rosenberg wrote:
> 2012/10/4 muno <muno_at_uninet.com.br>:
>> Thanks Amos, but it doesn't work yet.
>>
>>> You need an authentication test around about here somewhere
>>> (with any ACL tests for non-auth'd visitors above it).
>>>
>>> acl authenticated proxy_auth REQUIRED
>>>
>>> http_access deny !authenticated
>>
>>
>> Now I get a "Cache Access Denied" message.
> That means you're probably not authenticating.
> Have you looked at cache.log?
> Access.log?
> Are you getting HTTP/417 Proxy auth required?

er, "401 Authentication Required" response.

> Is your client responding properly (you can use wireshark to figure that out)?
> Is winbind working properly (does wbinfo -g or -u show all the AD
> groups/users)?
> Did you configure winbind/samba right? What happens when you try to
> use ntlm_auth from CLI?
> Do you succeed in authenticating (ntlm_auth --username=x --domain=y
> --diagnostics)?
>
> And don't revert to basic over the internet; though NTLM is leaky as
> anything these days, it's still less leaky than cleartext passwords on
> the wire (although as far as I understand it, it's close to cleartext
> these days).
>
> Hope that helps,
> Eli

Amos
Received on Fri Oct 05 2012 - 01:36:37 MDT
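
Added example (not part of the original thread, and not Squid project code): one way to answer the access.log questions above is to group entries by client and see who received the 401 challenge, who retried, and who ever got a username logged. The log lines, addresses, hostname and username are constructed, and the default native access.log format is assumed.

```python
from collections import defaultdict

# Constructed sample lines in Squid's default native access.log format:
# time elapsed client code/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1349400985.101 3 203.0.113.7 TCP_DENIED/401 3921 GET http://app.example.test/ - NONE/- text/html
1349400985.140 2 203.0.113.7 TCP_DENIED/401 4102 GET http://app.example.test/ - NONE/- text/html
1349400985.198 41 203.0.113.7 TCP_MISS/200 5120 GET http://app.example.test/ alice FIRSTUP_PARENT/192.0.2.10 text/html
1349400990.010 2 203.0.113.9 TCP_DENIED/401 3921 GET http://app.example.test/ - NONE/- text/html
1349400995.500 2 203.0.113.8 TCP_DENIED/401 3921 GET http://app.example.test/ - NONE/- text/html
1349400995.540 2 203.0.113.8 TCP_DENIED/401 4102 GET http://app.example.test/ - NONE/- text/html
1349400995.590 2 203.0.113.8 TCP_DENIED/401 3921 GET http://app.example.test/ - NONE/- text/html
"""

def classify_clients(log_text):
    """Return {client_ip: verdict} from native-format access.log text."""
    challenges = defaultdict(int)   # 401 responses sent per client
    users = {}                      # first username logged per client
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 10:
            continue                # skip blank or truncated lines
        client, result, user = f[2], f[3], f[7]
        status = result.rpartition("/")[2]
        if user != "-":
            users.setdefault(client, user)   # a logged user means auth succeeded
        elif status == "401":
            challenges[client] += 1
    verdicts = {}
    for client in set(challenges) | set(users):
        if client in users:
            verdicts[client] = "authenticated as " + users[client]
        elif challenges[client] == 1:
            verdicts[client] = "challenged once, never answered"
        else:
            verdicts[client] = "retried but never authenticated"
    return verdicts

if __name__ == "__main__":
    for client, verdict in sorted(classify_clients(SAMPLE_LOG).items()):
        print(client, verdict)
```

A client that is challenged once and never comes back is a client-side question (the wireshark check above); one that keeps retrying without a username appearing points at the helper side (wbinfo, ntlm_auth, cache.log).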
