On Tue, 25 Jan 2011 19:25:33 +0530, Senthilkumar wrote: > Hi Amos, > > I have followed the suggestions provided by you and if use deny without > "all" i am getting pop up when i access denied sites, it is suppressed > when i use all. > We use ntlm scheme to authenticate with domain users, all users can > authenticate without any prompt, while browsing out of 350 users only > 5-6 users getting prompt rarely(around 2-3 times a day) > There is no specific website or time the prompt appears. Please suggest > some troubleshooting ideas and cause for it. > The cache.log does not show any errors I'm not sure exactly which deny line you are describing as producing a popup. The config below looks right. Where you deny based on group lookups the lines should end with "all", as you saw not having it there produces the popup. NTLM can suffer from a few issues on connections and some bugs in Squid. Though both of these problems have been worked on and reduced in newer releases. If one of the "allow" group lookups is somehow failing this may produce a popup. I am not sure how one would check for these in production environment. The things to watch out for are the HTTP auth headers for the request before during and after the prompt appears. Whether this is happening on a connection while it stays up, or if the connection drops out on the challenge. Whether it happened on a new connection using some non-NTLM auth (ie a Windows 7 machine trying an unexpected encryption, or some background application with the wrong keys). Amos