Hi, Any suggestions for my query? On Wed, Sep 2, 2009 at 11:07 AM, Tejpal Amin<tejpal.amin@xxxxxxxxx> wrote: > Hi Amos, > > You are correct, the NTLM auth is working in my configuration, the > problem I have is that the users not logged onto the domain get a pop > up window for authentication. These users can use valid credentials > and access the site (eventhough they don't login to the domain). > My aim is that the users not logging onto the domain should not be > getting this authentiction Window , this will stop them from accessing > the internet even if they have valid credentials. > > Regards > Tej > > On Wed, Sep 2, 2009 at 5:36 AM, Amos Jeffries<squid3@xxxxxxxxxxxxx> wrote: >> On Tue, 1 Sep 2009 17:07:52 +0530, Tejpal Amin <tejpal.amin@xxxxxxxxx> >> wrote: >>> AMos, >>> >>> I tried putting this line in the conf file but it did not work. >>> >>> My aim is to stop users not logging onto my AD domain from accessing >>> the internet. >>> I have configured NTLM authentication for my squid but the issue is >>> teh users not logging onto teh domain get a prompt for authentication. >>> >>> There should be no way of accessing teh internet for non domain users. >>> >> >> Which is exactly what that line I gave you does. >> >> I assume when you said "squid throws up an authentication dialog box" that >> you already had authentication working. This line replaces whatever you >> currently have doing "deny !auth" in your config and causing the dialog box >> to appear. The 'all' at the end of the line prevents the dialog being >> requested by Squid. >> >> Amos >> >> >>> Regards >>> Tej >>> >>> On Tue, Sep 1, 2009 at 2:54 PM, Amos Jeffries<squid3@xxxxxxxxxxxxx> >> wrote: >>>> Tejpal Amin wrote: >>>>> >>>>> HI, >>>>> >>>>> I have a squid proxy which uses NTLM authentication for authenticating >>>>> users. >>>>> >>>>> I would like to restrict access only to users logging onto domain for >>>>> the other users it should deny access. >>>>> The problem I am facing is that for machines that are not joined to >>>>> windows domain, the squid throws up an authentication dialog box. >>>> >>>> So you require authentication to use the proxy, but do not want Squid to >>>> notify the browsers about this critical requirement? >>>> >>>> >>>> http_access deny !auth all >>>> >>>> Where "auth" is whatever ACL name you have in your squid.conf to test >>>> authentication. >>>> >>>> >>>> Amos >>>> -- >>>> Please be using >>>> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 >>>> Current Beta Squid 3.1.0.13 >>>> >> >
