The place to start is to grab a wireshark/ethereal trace of the embedded player to see exactly whats going on. Yes you can use ACLs based on request URL but I think mime type requires the reply to be seen and it might be difficult to enforce authentication. Henrik will know better. Adrian On Fri, Dec 07, 2007, Olsson, Mattias wrote: > > Hello! > > I have a cluster of Squid servers integrated with my AD. IE and Firefox > is working most of the time. My biggest problem is that Windows Media > Player, Quicktime and other embedded players fails to auth against the > AD automaticly. I get a popup requesting my usename/password. This is > enoying and it will not work with our PKI2 cards. I dont know if its > possible to solve this problem with embedded players failing against > Squid/Kerberos/AD, so i was hoping for an work around meanwhile. > > First, can it be done? Having embedded players automatically auth > against the AD... > > If not, is it possible to make an exclution acl within squid? Maby on > mime type or application type / sort of traffic? > > This is how i have configured squid, if you are comming from the > internal lan you have to auth... > > > auth_param ntlm program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-ntlmssp > auth_param ntlm children 10 > auth_param basic program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-basic > auth_param basic children 5 > auth_param basic realm Proxy Server AUTH > auth_param basic credentialsttl 2 hours > auth_param basic casesensitive off > authenticate_cache_garbage_interval 10 seconds > > acl MYNET proxy_auth REQUIRED src 192.168.0.0/255.255.0.0 > http_access allow MYNET > > Thanks for any kind of help! > > > Mvh / Kind regards > > Mattias Olsson > > Siemens AB > IT Solutions and Services AB > > SE-171 95 Solna > Sweden > > P: +46 8 730 6573 M:+46 70 629 1071 > **************************************'****** -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
