Search squid archive

Re: Problem setting up SquidNT and NT Authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

At 09.28 20/06/2005, Tom Cannaerts wrote:


Hi, I'm new to Squid, and I can't seem to solve this problem (probably
overlooking something)

I'm using SquidNT running on a Windows Server 2003 Active Directory
controller, and want to restrict access to a specific Windows user group
(InternetUsers).
What happens is that I always get a permission denied page, and the
browser does not prompt me for a username/password (tried both IE and
FireFox).
I found a linux example on how this should be done (using a perl
script), and changed it to use the exe files supplied with SquidNT, but
it ain't working.


The behaviour is as expected.


Here are the relevant lines of my squid.conf

auth_param ntlm program c:/squid/libexec/win32_ntlm_auth.exe
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off


Usage of

auth_param ntlm use_ntlm_negotiate on

is recommended on Windows.


auth_param basic program c:/squid/libexec/NT_auth.exe
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

external_acl_type NT_local_group %LOGIN
c:/squid/libexec/win32_check_group.exe
acl LProxyUsers external NT_local_group InternetUsers
acl password proxy_auth REQUIRED
http_access allow password LProxyUsers
http_access deny all
win32_check_group.exe helper cannot lookup by design into DOMAIN Local Groups, but only into MACHINE local group. You cannot use Local groups on a Domain Controller, use Global groups instead. 



If anyone has done something similar, or simply knows how this must be
done, please help me out.
First step: try with user authentication only, when it works, try with group authorization. 

Regards

Guido



-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1           10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135  Fax. : +39.011.9781115
Email: guido.serassio@xxxxxxxxxxxxxxxxx
WWW: http://www.acmeconsulting.it/
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux