[squid-users] force popup with kerberos+sso from only one machine of domain

From: Usuario Lista <usuario.foros.listas_at_gmail.com>
Date: Fri, 13 Sep 2013 10:29:41 +0200

Currently I have configured squid with kerberos and sso 3.3.3 for all
computers in the domain and working great.
Now, I have to configure a domain computer so they can use many users
with free access to internet, but I want them controlled.
Then, I want the browser from that MAC user and password request for
each user you want to browse.
As I can force from the MAC to leave the username and password popup asking?
The pc will enter with a generic user domain.

This is my setup:

auth_param negotiate program /usr/local/bin/negotiate_wrapper --ntlm
/usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp
--domain=DOMAIN --kerberos /usr/local/bin/squid_kerb_auth -i -r -s
GSS_C_NO_NAME
auth_param negotiate children 100
auth_param negotiate keep_alive on

auth_param ntlm program /usr/bin/ntlm_auth --diagnostics
--helper-protocol=squid-2.5-ntlmssp --domain=DOMAIN
auth_param ntlm children 50
auth_param ntlm keep_alive off

auth_param basic program /opt/squid33/libexec/basic_ldap_auth -R -b
"dc=domain,dc=com" -D user_at_domain.com -W /opt/squid33/etc/ldappass.txt
-f sAMAccountName=%s -h server.domain.com
auth_param basic children 30
auth_param basic realm Proxy
auth_param basic credentialsttl 1 minute

acl users proxy_auth REQUIRED

.
.
.
.
.
Received on Fri Sep 13 2013 - 08:29:47 MDT

This archive was generated by hypermail 2.2.0 : Fri Sep 20 2013 - 12:00:05 MDT