In IE internet options/security, try resetting "Local Intranet" to default settings. There is also an option at the bottom of those custom settings regarding username/passwords. I don't have IE in front of me at the moment so can't say exactly what it says but give the default settings a try. I have had similar issues with Bluecoat and kerberos authentication. HTH... On Tuesday 07 October 2008 23:11:48 Tanveer Chowdhury wrote: > Hi all, > > I have setup NTLM authentication with squid-2.6.STABLE20, samba-3.0.10 > and winbind. My purpose is to find the username in both squid and DG > access log which I am getting fine. But the problem is sometimes not > frequest IE prompts a pop up window for authentication and if not > given i.e., pressed cancel then it gives a message like " Cache access > denied". But if you then press Refresh button then it loads again > fine. > > But if you provide the username and password at the login prompt it > also works though. My question is how to STOP this password prompting > pop up window. > > Below is the output of /var/log/squid/cache.log when the password window > prompts > > [2008/09/29 13:39:11, 3] utils/ntlm_auth.c:winbind_pw_check(427) > Login for user [XYZ][testuser]@[PC21] failed due to [Reading winbind > reply failed!] > 2008/09/29 13:39:11| The request GET > http://search.live.com/LS/GLinkPing.aspx?/_1_9SE...... > > Below is my NTLM part of squid.conf file > > auth_param ntlm program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 > auth_param ntlm keep_alive on > auth_param basic program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-basic auth_param basic children 5 > auth_param basic realm Squid proxy-caching web server > auth_param basic credentialsttl 2 hours > > ..... > ....... > acl manager proto cache_object > acl authenticated_users proxy_auth REQUIRED > acl localhost src 127.0.0.1/255.255.255.255 > acl to_localhost dst 127.0.0.0/8 > > ... > ..... > #Recommended minimum configuration: > # > # Only allow cachemgr access from localhost > > ##http_access deny !Safe_ports > http_access allow manager localhost > http_access deny manager > # Deny requests to unknown ports > #http_access deny !Safe_ports > # Deny CONNECT to other than SSL ports > http_access deny CONNECT !SSL_ports > http_access allow authenticated_users > > # cat /etc/nsswitch.conf > passwd: compat winbind > group: compat winbind > shadow: compat > > hosts: files dns wins > networks: files dns > protocols: db files > services: db files > ethers: db files > rpc: db files > > > # cat /etc/krb5.conf > [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > default_realm = DOMAIN.COM > > [realms] > DOMAIN.COM = { > default_domain = DOMAIN.COM > kdc = abc.domain.com > kdc = efg.domain.com > kdc = xx.xx.xx.xx > kdc = xx.xx.xx.xx > } > > [domain_realm] > .kerberos.server = DOMAIN.COM -- Jeff Gerard
