Search squid archive

deny_info not working when use NTLM auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello All,

I Have the following problem:

All NTLM authentication is working, the samba is working, and the krb5
(I am using ads). - (not the problem, yet)

Examples:

access.log with username ok (if I remove de deny acl, work without problems)
[root@maggie squid]# tail /var/log/squid/access.log
1265260503.633      0 172.21.1.10 TCP_DENIED/407 2721 GET
http://www.google.com.br/firefox? - NONE/- text/html
1265260503.645      2 172.21.1.10 TCP_DENIED/407 3011 GET
http://www.google.com.br/firefox? leo NONE/- text/html
1265260507.608      1 172.21.1.10 TCP_DENIED/407 3012 GET
http://www.google.com.br/firefox? - NONE/- text/html
1265260507.614      3 172.21.1.10 TCP_DENIED/407 3003 GET
http://www.google.com.br/firefox? leo NONE/- text/html
1265260789.788      2 172.21.1.10 TCP_DENIED/407 3002 GET
http://pt-br.fxfeeds.mozilla.com/pt-BR/firefox/headlines.xml - NONE/-
text/html
1265260791.388   1598 172.21.1.10 TCP_MISS/302 646 GET
http://pt-br.fxfeeds.mozilla.com/pt-BR/firefox/headlines.xml leo
DIRECT/63.245.209.93 text/html
1265260791.390      0 172.21.1.10 TCP_DENIED/407 2346 GET
http://www.estadao.com.br/rss/ultimas.xml? - NONE/- text/html

kerberos is ok:
[root@maggie squid]# kinit leo
Password for leo@xxxxxxxxxxxxxxx
[root@maggie squid]#

wbinfo:
[root@maggie squid]# wbinfo -t
checking the trust secret via RPC calls succeeded
[root@maggie squid]#
wbinfo -u and -g get all users and groups.


My question is:

When I create a rule like this

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp

acl proxy_auth leo leo
deny_info ERR_ACCESS_DENIED leo
http_access deny leo


What happens, rather than show the access denied page, is asking user
and password (as basic mode, instead of NTLM), but I want to be shown
to Access Denied page (ERR_ACCESS_DENIED)!

I'm using Squid 3 with CentOS 5.4 (but I had the same problem with
ubuntu server 8.04 and squid 2.6)
[root@maggie usr]# rpm -qa | grep squid
squid-3.0.STABLE20-1.el5
[root@maggie usr]#

Thanks!





--
Leonardo Dantas
Natal - RN, Brasil.
Tel: +55 84 8865-7200
ICQ UIN 15073476
lodantas@xxxxxxxxx (MSN Messenger)
twitter: ldoliveira, skype lodantas007
http://www.linkedin.com/in/ldantas/
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux