Gavin White wrote:
Hi,

I'm running 2.6.STABLE6 on RHEL4.5, and I have NTLM authentication working via smb/winbind. My problem is that I have a mixed client base of Windows PCs, which can do NTLM, and Linux servers, which cannot. All the Linux servers are on their own IP network, 192.168.0.0/24, while the Windows PCs are in 192.168.0.1/24. I would like to use NTLM auth for the Windows PCs, and allow the Linux machines to use the proxy without NTLM authentication.

I have tried various combinations of ACLs, but I always end up in a position where all requests succeed without authentication, or the Windows work but the Linux clients fail with '407 authfail'.

My current config is:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
acl ntlmauth src 192.168.1.0/24
acl nonntlm src 192.168.0.0/24
acl mynet src 192.168.0.0/23
acl AuthorizedUsers proxy_auth #with and without REQUIRED, no difference
http_access allow nonntlm
http_access allow AuthorizedUsers ntlmauth #have also tried 'ntlmauth AuthorizedUsers '

Is this possible? Can I configure Squid to require NTLM auth for some source addresses, but not for others?

http_access deny ntlmauth !AuthorizedUsers # Prevent the 192.168.1.0/24 netblock from surfing without authentication
http_access allow mynet # Allow my network to use the proxy
http_access deny all # Keep the riff-raff out
Thanks, Gavin
Chris
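
Added example, not part of the original thread and not Squid code: a simplified Python model of how the http_access lines suggested in the reply are evaluated (lines checked in order, ACLs on a line ANDed left to right, a proxy_auth test without credentials producing a 407). The names `evaluate`, `acl_matches` and `NeedAuth` are hypothetical, and the NTLM handshake is reduced to an `authenticated` flag (None = no credentials sent).

```python
import ipaddress

# src ACLs as defined in the thread; AuthorizedUsers stands for the proxy_auth ACL.
SRC_ACLS = {
    "ntlmauth": ipaddress.ip_network("192.168.1.0/24"),
    "nonntlm": ipaddress.ip_network("192.168.0.0/24"),
    "mynet": ipaddress.ip_network("192.168.0.0/23"),
}
AUTH_ACL = "AuthorizedUsers"

# http_access lines from the reply, in file order: (action, [acl, ...]).
RULES = [
    ("deny", ["ntlmauth", "!AuthorizedUsers"]),
    ("allow", ["mynet"]),
    ("deny", ["all"]),
]

class NeedAuth(Exception):
    """A proxy_auth ACL was tested but the request carried no credentials."""

def acl_matches(name, ip, authenticated):
    if name == "all":
        return True
    if name == AUTH_ACL:
        if authenticated is None:
            raise NeedAuth()
        return authenticated
    return ip in SRC_ACLS[name]

def evaluate(client, authenticated=None, rules=RULES):
    """Return 'allow', 'deny' or '407' for one request (simplified model)."""
    ip = ipaddress.ip_address(client)
    for action, acls in rules:
        try:
            # all() stops at the first ACL that fails, so later ACLs on the
            # line (including proxy_auth) are never tested for that request.
            matched = all(
                acl_matches(a.lstrip("!"), ip, authenticated) != a.startswith("!")
                for a in acls
            )
        except NeedAuth:
            return "407"
        if matched:
            # A deny line whose last ACL is the auth ACL re-challenges the client.
            if action == "deny" and acls[-1].lstrip("!") == AUTH_ACL:
                return "407"
            return action
    # No line matched: the default is the opposite of the last line's action.
    return "allow" if rules[-1][0] == "deny" else "deny"
```

Passing a rule list with `!AuthorizedUsers` placed before `ntlmauth` shows the effect of ACL order in this model: the auth ACL is tested before the source address, so a 192.168.0.x client without credentials gets a 407.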