Hi, Thanks for your reply. I will definitely give it a try today and let you all know. On Thu, Oct 9, 2008 at 5:26 AM, Jeff Gerard <mysubscriptions@xxxxxxx> wrote: > In IE internet options/security, try resetting "Local Intranet" to default > settings. There is also an option at the bottom of those custom settings > regarding username/passwords. I don't have IE in front of me at the moment > so can't say exactly what it says but give the default settings a try. I > have had similar issues with Bluecoat and kerberos authentication. > > HTH... > > On Tuesday 07 October 2008 23:11:48 Tanveer Chowdhury wrote: >> Hi all, >> >> I have setup NTLM authentication with squid-2.6.STABLE20, samba-3.0.10 >> and winbind. My purpose is to find the username in both squid and DG >> access log which I am getting fine. But the problem is sometimes not >> frequest IE prompts a pop up window for authentication and if not >> given i.e., pressed cancel then it gives a message like " Cache access >> denied". But if you then press Refresh button then it loads again >> fine. >> >> But if you provide the username and password at the login prompt it >> also works though. My question is how to STOP this password prompting >> pop up window. >> >> Below is the output of /var/log/squid/cache.log when the password window >> prompts >> >> [2008/09/29 13:39:11, 3] utils/ntlm_auth.c:winbind_pw_check(427) >> Login for user [XYZ][testuser]@[PC21] failed due to [Reading winbind >> reply failed!] >> 2008/09/29 13:39:11| The request GET >> http://search.live.com/LS/GLinkPing.aspx?/_1_9SE...... >> >> Below is my NTLM part of squid.conf file >> >> auth_param ntlm program /usr/bin/ntlm_auth >> --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 >> auth_param ntlm keep_alive on >> auth_param basic program /usr/bin/ntlm_auth >> --helper-protocol=squid-2.5-basic auth_param basic children 5 >> auth_param basic realm Squid proxy-caching web server >> auth_param basic credentialsttl 2 hours >> >> ..... >> ....... >> acl manager proto cache_object >> acl authenticated_users proxy_auth REQUIRED >> acl localhost src 127.0.0.1/255.255.255.255 >> acl to_localhost dst 127.0.0.0/8 >> >> ... >> ..... >> #Recommended minimum configuration: >> # >> # Only allow cachemgr access from localhost >> >> ##http_access deny !Safe_ports >> http_access allow manager localhost >> http_access deny manager >> # Deny requests to unknown ports >> #http_access deny !Safe_ports >> # Deny CONNECT to other than SSL ports >> http_access deny CONNECT !SSL_ports >> http_access allow authenticated_users >> >> # cat /etc/nsswitch.conf >> passwd: compat winbind >> group: compat winbind >> shadow: compat >> >> hosts: files dns wins >> networks: files dns >> protocols: db files >> services: db files >> ethers: db files >> rpc: db files >> >> >> # cat /etc/krb5.conf >> [logging] >> default = FILE:/var/log/krb5libs.log >> kdc = FILE:/var/log/krb5kdc.log >> admin_server = FILE:/var/log/kadmind.log >> >> [libdefaults] >> default_realm = DOMAIN.COM >> >> [realms] >> DOMAIN.COM = { >> default_domain = DOMAIN.COM >> kdc = abc.domain.com >> kdc = efg.domain.com >> kdc = xx.xx.xx.xx >> kdc = xx.xx.xx.xx >> } >> >> [domain_realm] >> .kerberos.server = DOMAIN.COM > > > > -- > > Jeff Gerard >
