Thanks Kinkie but I'm still getting the popup window (tried with both IE and FF). The client machine is joined to a domain. Basically I'm trying to force an Access Denied page on this client instead of the popup. The wiki does suggest an "all hack" but it's not working for me: http://wiki.squid-cache.org/Features/Authentication#How_do_I_prevent_Login_Popups.3F On Thu, Aug 19, 2010 at 5:09 PM, Kinkie <gkinkie@xxxxxxxxx> wrote: > Sorry, you are right. > You need to > > acl ntlmauth proxy_auth REQUIRED > http_access allow ntlmauth > http_access deny all > > This is a very simplicistic configuration though, please check > squid.conf.documented for a more security-sensitive setup. > > > > On Thu, Aug 19, 2010 at 5:46 PM, Tuan Nguyen <ug32tqn@xxxxxxxxxxxxxx> wrote: >> If I make that change everything will be denied and nothing will be >> passed to the NTLM authenticator. Thanks. >> >> On Thu, Aug 19, 2010 at 4:18 PM, Kinkie <gkinkie@xxxxxxxxx> wrote: >>> On Thu, Aug 19, 2010 at 4:45 PM, Tuan Nguyen <ug32tqn@xxxxxxxxxxxxxx> wrote: >>>> http://wiki.squid-cache.org/Features/Authentication#How_do_I_prevent_Login_Popups.3F >>>> >>>> I have followed the above instruction but still getting login popups. >>>> Basically I'm trying to force "Access Denied" page displayed to >>>> unauthenticated users instead of the popup. Any help would be much >>>> appreciated. Thanks. >>>> >>>> squid.conf: >>>> ... >>>> acl ntlmauth proxy_auth REQUIRED >>>> http_access deny ntlmauth all >>> >>> If you change this to >>> http_access deny all >>> >>> users failing to successfully authenticate at the first attempt will >>> get no login popups. >>> They will still get login popups if: >>> - the client is not joined to a domain >>> - the client is configured not to attempt automatica authentication to the proxy >>> - the clients is not MSIE or Firefox (not sure about other browsers) >>> >>> -- >>> /kinkie >>> >> > > > > -- > /kinkie >
