Markus.Rietzler@xxxxxxxxxxxxxx wrote:
Rich West wrote:
I added NTLM authentication (via winbind back to AD), and that works
great. I can see the user names populated in the output. However, I
cannot seem to get it to allow traffic through for those users that the
NTLM authentication fails on.
In other words, I have:
---squid.conf snippet---
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Web Proxy Server
auth_param basic credentialsttl 24 hours
...
The simplest way around this is to set up basic authentication as a
backup to NTLM (configured after NTLM auth config). And give those
people a special type of user/pass for internet access.
but this means that there must be a special user in the AD domain to
work. so everyone can use that "surfer" account.
Not what I meant to say. What I did mean you describe in the next
paragraph ...
you use auth ntlm and auth basic. that means that you will first
try to do ntlm auth against AD and if this fails you do basic auth also
against AD. you could change the basic auth to do auth against a local
passwd-file, then you could add accounts with id/password who are
allowed to access the squid. if a person is not a member of AD nor in the
passwd-list then he is not allowed to access - at least if he doesn't
know one id/pass from passwd...
markus
Amos
--
Please use Squid 2.7.STABLE3 or 3.0.STABLE7
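
The arrangement discussed above (NTLM against AD first, basic authentication against a local password file as the fallback), written out as an added example that is not part of the original thread. The `ncsa_auth` helper path, the `/etc/squid/passwd` file location and the ACL name `authenticated` are assumptions; the NTLM lines and the basic realm and TTL are taken from the quoted snippet.

```conf
# Added example, not from the thread. Helper and file paths are assumptions;
# adjust them to where your distribution installs Squid's helpers.

# NTLM is configured first and is checked against AD through winbind,
# exactly as in the original snippet.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5

# Basic is configured after NTLM as the fallback. Instead of ntlm_auth
# (which would check AD again), it uses Squid's ncsa_auth helper against a
# local htpasswd-format file holding the proxy-only accounts.
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Web Proxy Server
auth_param basic credentialsttl 24 hours

# A user who passes either scheme is allowed; everyone else is denied.
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
```

Basic credentials travel to the proxy base64-encoded, not encrypted, so pointing the fallback at a local file keeps AD passwords off the wire for those clients. The password file should be readable only by the account Squid runs as.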