Interesting the "--require-membership-of", haven't noticed it at all.
This parameter is interesting to check for the global presence of a user
into the domain, but not for matching particular rules for specific
ACLs, such as "http_access allow streaming_media STREAM_AD_GROUP"
together with the external_acl and so on...
About the http debugger... I was using "log_mime_hdrs on" to check the
user agents... but it seems like the ones I find there are not the
correct ones!? Should I really use an http debugger? Which one do you
use, Mathew?
Mathew, have you got the complete list of browsers you use for
streaming_media?
Mauricio
Mathew Archibald wrote:
Whoops my copy and paste didn't go through so well. Below is formatted
properly
acl AuthorizedUsers proxy_auth REQUIRED
acl streaming_media browser -i
"/usr/local/squid-2.6STABLE13/etc/user_agent.conf"
http_access allow streaming_media
http_access allow AuthorizedUsers
I used to use wbinfo_group until I figured out how to match on groups
using the auth_param:
auth_param ntlm program /usr/local/samba-3.0.25a/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
--require-membership-of="CYGNET\\staff"
auth_param ntlm children 10
auth_param ntlm keep_alive on
If you use a http debugger on your traffic you can see the User Agent
string of the streaming media http request and then allow this traffic
through unauthenticated
Mat
-----Original Message-----
From: Mauricio Silveira [mailto:msilveira@xxxxxxxxxxx]
Sent: Wednesday, 8 August 2007 11:44 AM
To: Mathew Archibald
Subject: Re: FW: Allowing streaming media through NTLM
Authentication
Hi Mathew,
You're matching against authenticated users, I'm using it against
wbinfo_group.
Anyway this should work, such as "http_access allow streaming_media
Streaming_allow" (Streaming_allow is an external acl for matching
against a group into the AD server). I didn't notice that browser regex
was case-insensitive(is it?).
Maybe the definitive solution would be using some "trickery" with
req_mime_type, req_header, rep_mime_type options.
I'm Just getting tired of this matter.
Mauricio
Mathew Archibald wrote:
Hi Guys
I was able to work around this problem by matching on the streaming
media's User Agent string. My squid.conf looks like this:
And the user_agent.conf file looks like this:
nsplayer
windows-media-player
quicktime
Mat
-----Original Message-----
From: Gavin White [mailto:white.gavin@xxxxxxxxx]
Sent: Tuesday, 7 August 2007 8:58 PM
To: Plant, Dean
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: Re: FW: Allowing streaming media through NTLM
Authentication
Hi Dean,
how did you disable ntlm authentication? I want to allow certain
clients to bypass ntlm auth based on their IP address.
Thanks,
Gavin
On 8/7/07, Plant, Dean <dean.plant@xxxxxxxxxx> wrote:
Mauricio Silveira wrote:
Hi!
I'm somehow "Happy" I'm not alone with this problem...
I'm having this problem since squid 2.6STABLE9... (ALWAYS)
I've tried everything possible without success...
Let's try to get some progress on this matter, I'll dedicate some
time
to this soon (still this week or the next at most)
If you have any progress, please post it here.
Let's be sure of the problem... try accessing these radios:
http://www.radios.com.br/emissoras/transa_prpop.htm
http://www.radios.com.br/emissoras/transa_sppop.htm
The former uses http as protocol, so it will ask for user/password,
the latter uses mms as protocol, so it won't ask for user/password.
I get the same results using squid-2.6.STABLE13-1.RHEL4.
I have had to disable NTLM authentication (easy fix) for some sites
with
streaming media but to be honest I have not had the time to fully
investigate the cause.
Dean
As far as my small brain knows... that's mms that should be giving
headaches, not the http one!
Please post back if you get the same results, I have to show my boss
I'm right, I'm not alone and i DO KNOW how to configure squid. :D
I'll post here if I get it working, let's flame this discussion....
I
see everyone trying to get rid of streamings, but not trying to get
it
working without these "imperfections".
Thanks,
Mauricio
Hi
Apologies if this has been discussed before but I couldn't find a
solution for my exact problem in the archives.
I run Squid 2.6STABLE13 and have configured it to use NTLM
authentication for all client requests. This is working properly
for
standard traffic but I am hitting a problem with streaming media.
I'm aware that most streaming media can't handle NTLM
authentication
automatically and therefore when a user tries to access streaming
media a login box pops up. I don't want the users being asked to
authenticate so I'm trying to come up with a solution to instruct
the proxy server to not authenticate the streaming media.
I've tried matching on the streaming media mime types but ran into
the problem in that the mime type is in the response and not the
request and it is the request that is authenticated.
Has anyone dealt with this issue before and how did you go about
allowing streaming media through an authenticated proxy?
Regards,
Mathew Archibald
begin:vcard
fn:Mauricio Silveira
n:Silveira;Mauricio
org;quoted-printable:FSN do Brasil - Consultoria em Inform=C3=A1tica;Software Development / Networking
adr:;;;;;;Brazil
email;internet:msilveira@xxxxxxxxxxx
title:Linux Consultant / Developer
tel;cell:11-9949-1040
url:http://www.fsndobrasil.com
version:2.1
end:vcard