Search squid archive

Re: SquidNT: Strange Internet explorer authentication popup - I'm forced to recreate user profile

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reale Marco wrote:
I'm using squid nt 2.6 stable 4 on windows 2003 server from 1 year (in
active directory environment) with ntlm auth and it works very well
(stable, fast, and no big problems)

My configuration file is (I report only interesting section):

---------------Squid config----------------

auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe

external_acl_type NT_global_group %LOGIN
c:/squid/libexec/mswin_check_lm_group.exe -G -c

acl DomainUsers external NT_global_group "c:/squid/etc/DomainUsers.txt"
acl Proxy_Messengers_yes external NT_global_group Proxy_Messengers_yes
acl Proxy_Internet_Ts external NT_global_group Proxy_Internet_Ts
acl Proxy_All_Open external NT_global_group Proxy_All_Open
acl Proxy_ftp_porn_block_yes external NT_global_group
Proxy_ftp_porn_block_yes


acl porn dstdomain "c:/squid/block/pornblock.txt"
acl ftpblock url_regex -i \.exe$ \.mp3$ \.asx$ \.avi$ \.mpeg$ \.qt$
\.ram$ \.rm$ \.iso$ \.wav$ \.aif$ .\wma$ .\wmv$
..........


# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access deny Proxy_Internet_Ts !trustedsites
http_access allow enabled
http_access deny porn !Proxy_All_Open
deny_info ERR_PORN_ACCESS_DENIED porn
http_access deny bad_word_content_type !Proxy_ftp_porn_block_yes
!Proxy_All_Open
deny_info ERR_PORN_ACCESS_DENIED bad_word_content_type
http_access deny msnmessenger !Proxy_Messengers_yes !Proxy_All_Open
http_access deny msnweb !Proxy_Messengers_yes !Proxy_All_Open
http_access deny msnit !Proxy_Messengers_yes !Proxy_All_Open
http_access deny BadDest !Proxy_Messengers_yes !Proxy_All_Open
http_access deny rs_deny !rs_allowed
http_access deny ftpblock !Proxy_ftp_porn_block_yes !Proxy_All_Open
http_access allow autorizzati DomainUsers

---------------Squid config end----------------


PROBLEM DESCRIPTION:
As already told squid works well but sometimes (10 pc in last 2 months)
happens that on a pc internet explorer continuosly require credentials
(user/password pop-up). If the same user logs on others pc the problem
isn't present.
I think should be an internet explorer (or windows bug) that
unexpectedly stops to work correctly with ntlm authentication and squid.
IMPORTANT: all users have outlook 2003 and exchange 2003 and it works
correctely thus the problem cannot be related to Active directory;
others applications that require kerberos or ntlm authentication
(netlogon, kix, web applications) work correctely also.
Thus...the problem is related to the user profile in fact if I recreate
it, the problem disappears
Can someone give me a suggestion? Is there a way to force internet
explorer clear cached credentials (or something similar...) and avoid to
recreate user's profile?

Thanks
Marco



This sounds undoubtedly like a browser problem rather than a problem with squid. There's a setting in IE that should fix it though. I'm not sure of your profile configuration, restriction-wise, but go to Tools -> Internet Options -> Advanced -> Security -> Enable Integrated Windows Authentication (requires restart). That should enable ntlm. You might find it's just been dropped on some problematic profiles.

Hope this helps
Richard

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux