Whoops my copy and paste didn't go through so well. Below is formatted properly acl AuthorizedUsers proxy_auth REQUIRED acl streaming_media browser -i "/usr/local/squid-2.6STABLE13/etc/user_agent.conf" http_access allow streaming_media http_access allow AuthorizedUsers I used to use wbinfo_group until I figured out how to match on groups using the auth_param: auth_param ntlm program /usr/local/samba-3.0.25a/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="CYGNET\\staff" auth_param ntlm children 10 auth_param ntlm keep_alive on If you use a http debugger on your traffic you can see the User Agent string of the streaming media http request and then allow this traffic through unauthenticated Mat -----Original Message----- From: Mauricio Silveira [mailto:msilveira@xxxxxxxxxxx] Sent: Wednesday, 8 August 2007 11:44 AM To: Mathew Archibald Subject: Re: FW: Allowing streaming media through NTLM Authentication Hi Mathew, You're matching against authenticated users, I'm using it against wbinfo_group. Anyway this should work, such as "http_access allow streaming_media Streaming_allow" (Streaming_allow is an external acl for matching against a group into the AD server). I didn't notice that browser regex was case-insensitive(is it?). Maybe the definitive solution would be using some "trickery" with req_mime_type, req_header, rep_mime_type options. I'm Just getting tired of this matter. Mauricio Mathew Archibald wrote: > Hi Guys > > I was able to work around this problem by matching on the streaming > media's User Agent string. My squid.conf looks like this: > > > > And the user_agent.conf file looks like this: > > nsplayer > windows-media-player > quicktime > > Mat > > -----Original Message----- > From: Gavin White [mailto:white.gavin@xxxxxxxxx] > Sent: Tuesday, 7 August 2007 8:58 PM > To: Plant, Dean > Cc: squid-users@xxxxxxxxxxxxxxx > Subject: Re: FW: Allowing streaming media through NTLM > Authentication > > Hi Dean, > > how did you disable ntlm authentication? I want to allow certain > clients to bypass ntlm auth based on their IP address. > > Thanks, > > Gavin > > On 8/7/07, Plant, Dean <dean.plant@xxxxxxxxxx> wrote: > >> Mauricio Silveira wrote: >> >>> Hi! >>> >>> I'm somehow "Happy" I'm not alone with this problem... >>> >>> I'm having this problem since squid 2.6STABLE9... (ALWAYS) >>> >>> I've tried everything possible without success... >>> >>> Let's try to get some progress on this matter, I'll dedicate some >>> > time > >>> to this soon (still this week or the next at most) >>> >>> If you have any progress, please post it here. >>> >>> Let's be sure of the problem... try accessing these radios: >>> >>> http://www.radios.com.br/emissoras/transa_prpop.htm >>> http://www.radios.com.br/emissoras/transa_sppop.htm >>> >>> >>> The former uses http as protocol, so it will ask for user/password, >>> the latter uses mms as protocol, so it won't ask for user/password. >>> >> I get the same results using squid-2.6.STABLE13-1.RHEL4. >> >> I have had to disable NTLM authentication (easy fix) for some sites >> > with > >> streaming media but to be honest I have not had the time to fully >> investigate the cause. >> >> Dean >> >> >>> As far as my small brain knows... that's mms that should be giving >>> headaches, not the http one! >>> >>> Please post back if you get the same results, I have to show my boss >>> I'm right, I'm not alone and i DO KNOW how to configure squid. :D >>> >>> I'll post here if I get it working, let's flame this discussion.... >>> > I > >>> see everyone trying to get rid of streamings, but not trying to get >>> > it > >>> working without these "imperfections". >>> >>> Thanks, >>> >>> Mauricio >>> >>> >>>> Hi >>>> >>>> Apologies if this has been discussed before but I couldn't find a >>>> solution for my exact problem in the archives. >>>> >>>> I run Squid 2.6STABLE13 and have configured it to use NTLM >>>> authentication for all client requests. This is working properly >>>> > for > >>>> standard traffic but I am hitting a problem with streaming media. >>>> >>>> I'm aware that most streaming media can't handle NTLM >>>> > authentication > >>>> automatically and therefore when a user tries to access streaming >>>> media a login box pops up. I don't want the users being asked to >>>> authenticate so I'm trying to come up with a solution to instruct >>>> the proxy server to not authenticate the streaming media. >>>> >>>> I've tried matching on the streaming media mime types but ran into >>>> the problem in that the mime type is in the response and not the >>>> request and it is the request that is authenticated. >>>> >>>> Has anyone dealt with this issue before and how did you go about >>>> allowing streaming media through an authenticated proxy? >>>> >>>> Regards, >>>> >>>> Mathew Archibald >>>> > > > >
