Sorry to say It didn't work. I tried your 2nd step in "Security" tab Custom level and set it to 3rd option that is use the login time credentials for everything. Then I also changed my settings as described in the squid website. But no luck. Should I set it to default settings in IE as a last resort. Thanks in advance On Sun, Oct 12, 2008 at 8:57 AM, Tanveer Chowdhury <tanveer.chowdhury@xxxxxxxxx> wrote: > Hi, Thanks for your reply. > I will definitely give it a try today and let you all know. > > > On Thu, Oct 9, 2008 at 5:26 AM, Jeff Gerard <mysubscriptions@xxxxxxx> wrote: >> In IE internet options/security, try resetting "Local Intranet" to default >> settings. There is also an option at the bottom of those custom settings >> regarding username/passwords. I don't have IE in front of me at the moment >> so can't say exactly what it says but give the default settings a try. I >> have had similar issues with Bluecoat and kerberos authentication. >> >> HTH... >> >> On Tuesday 07 October 2008 23:11:48 Tanveer Chowdhury wrote: >>> Hi all, >>> >>> I have setup NTLM authentication with squid-2.6.STABLE20, samba-3.0.10 >>> and winbind. My purpose is to find the username in both squid and DG >>> access log which I am getting fine. But the problem is sometimes not >>> frequest IE prompts a pop up window for authentication and if not >>> given i.e., pressed cancel then it gives a message like " Cache access >>> denied". But if you then press Refresh button then it loads again >>> fine. >>> >>> But if you provide the username and password at the login prompt it >>> also works though. My question is how to STOP this password prompting >>> pop up window. >>> >>> Below is the output of /var/log/squid/cache.log when the password window >>> prompts >>> >>> [2008/09/29 13:39:11, 3] utils/ntlm_auth.c:winbind_pw_check(427) >>> Login for user [XYZ][testuser]@[PC21] failed due to [Reading winbind >>> reply failed!] >>> 2008/09/29 13:39:11| The request GET >>> http://search.live.com/LS/GLinkPing.aspx?/_1_9SE...... >>> >>> Below is my NTLM part of squid.conf file >>> >>> auth_param ntlm program /usr/bin/ntlm_auth >>> --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 >>> auth_param ntlm keep_alive on >>> auth_param basic program /usr/bin/ntlm_auth >>> --helper-protocol=squid-2.5-basic auth_param basic children 5 >>> auth_param basic realm Squid proxy-caching web server >>> auth_param basic credentialsttl 2 hours >>> >>> ..... >>> ....... >>> acl manager proto cache_object >>> acl authenticated_users proxy_auth REQUIRED >>> acl localhost src 127.0.0.1/255.255.255.255 >>> acl to_localhost dst 127.0.0.0/8 >>> >>> ... >>> ..... >>> #Recommended minimum configuration: >>> # >>> # Only allow cachemgr access from localhost >>> >>> ##http_access deny !Safe_ports >>> http_access allow manager localhost >>> http_access deny manager >>> # Deny requests to unknown ports >>> #http_access deny !Safe_ports >>> # Deny CONNECT to other than SSL ports >>> http_access deny CONNECT !SSL_ports >>> http_access allow authenticated_users >>> >>> # cat /etc/nsswitch.conf >>> passwd: compat winbind >>> group: compat winbind >>> shadow: compat >>> >>> hosts: files dns wins >>> networks: files dns >>> protocols: db files >>> services: db files >>> ethers: db files >>> rpc: db files >>> >>> >>> # cat /etc/krb5.conf >>> [logging] >>> default = FILE:/var/log/krb5libs.log >>> kdc = FILE:/var/log/krb5kdc.log >>> admin_server = FILE:/var/log/kadmind.log >>> >>> [libdefaults] >>> default_realm = DOMAIN.COM >>> >>> [realms] >>> DOMAIN.COM = { >>> default_domain = DOMAIN.COM >>> kdc = abc.domain.com >>> kdc = efg.domain.com >>> kdc = xx.xx.xx.xx >>> kdc = xx.xx.xx.xx >>> } >>> >>> [domain_realm] >>> .kerberos.server = DOMAIN.COM >> >> >> >> -- >> >> Jeff Gerard >> >
