
Re: Credentials not kept cross domain


 



Joseph Piché wrote:
Hi.

I have a setup with Squid 3.0 stable 7 and DansGuardian 2.9.9.4. I
have been trying to set up authentication using ntlm_auth connecting
to Active Directory. Everything works fine except I get prompted for a
username and password for every single domain. The credentials are
accepted, and I am allowed to browse that domain (ex. www.google.com)
for as long as the credentialsttl is set, but if I try to access a
different domain, then I am asked for my credentials again. I have
referenced all the FAQs and tried to search the mailing list, and
couldn't find anything. My config is below. Also, when I uncomment the
first two lines, then I get asked for credentials twice. Any help
would be greatly appreciated.


#auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
#auth_param ntlm children 15
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 10
auth_param basic realm Proxy
auth_param basic credentialsttl 2 hours
authenticate_ttl 2 hours

cache_effective_group root

Oh for pete's sake. Never, never, never give permanent root privileges like that to Squid. It undermines the whole idea of security on that box.

Make sure the default user of squid is assigned, with a proper service group and that group or user has access to the resources squid needs to run.


visible_hostname slate.tbc2day.edu
shutdown_lifetime 5 seconds
http_port 127.0.0.1:3128 vhost

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

pid_filename /var/run/squid3.pid
access_log /var/log/squid3/access.log squid
log_mime_hdrs off
forwarded_for off

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl CONNECT method CONNECT
acl ldap-auth proxy_auth REQUIRED
acl Users src 192.168.0.0/16

always_direct allow localhost

http_access allow manager localhost
http_access deny manager
http_access deny to_localhost
http_access allow ldap-auth Users
http_access allow CONNECT localhost
http_access allow localhost
http_access deny all
miss_access allow all
http_reply_access allow all


Thanks,

Joseph J. Piché


--
Please use Squid 2.7.STABLE3 or 3.0.STABLE7
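
An added example, not part of either poster's message: a small check that scans a squid.conf for the problem called out in the reply, `cache_effective_user` or `cache_effective_group` set to root. The sample configs are constructed, and the service account name `proxy` is an assumption; use whatever unprivileged account your packaging creates.

```python
import grp
import pwd

# Directives that decide which account Squid runs as after startup,
# mapped to the lookup that resolves the configured name.
PRIV_DIRECTIVES = {
    "cache_effective_user": pwd.getpwnam,
    "cache_effective_group": grp.getgrnam,
}

def _resolved_id(directive, name):
    """Return the uid/gid the name maps to on this host, or None if unknown."""
    try:
        entry = PRIV_DIRECTIVES[directive](name)
    except KeyError:
        return None
    return entry[2]  # pw_uid or gr_gid

def audit_squid_conf(text):
    """Return (line_no, directive, value) for each directive that keeps root."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # ignore comments and disabled lines
        parts = line.split()
        if len(parts) < 2 or parts[0] not in PRIV_DIRECTIVES:
            continue
        directive, value = parts[0], parts[1]
        # Flag the literal name and any other name that resolves to id 0.
        if value == "root" or _resolved_id(directive, value) == 0:
            findings.append((line_no, directive, value))
    return findings

# Constructed sample: excerpt shaped like the posted config.
POSTED = """\
auth_param basic children 10
cache_effective_group root
visible_hostname slate.tbc2day.edu
"""

# Constructed sample: the same spot using an assumed service account.
FIXED = """\
# cache_effective_group root
cache_effective_user proxy
cache_effective_group proxy
"""

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("fixed", FIXED)):
        print(name, audit_squid_conf(conf))
```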
