
strange behavior with https sites and ntlm/basic authentication


 



Hi all ! 

I finally (sort of) managed to get squid working with ntlm authentication. I now have it working as I want it, but there's a configuration that I had to change, and the why of it keeps bugging me.

Everything was working fine until reaching https sites.

If I had enabled both types of authentication: ntlm and basic (for those under Linux or not using a ntlm enabled browser):
--------
# NTLM authentication - Winbind - AD
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 300
auth_param ntlm keep_alive off

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 100 
auth_param basic realm Por favor autentique-se!
auth_param basic credentialsttl 2 hours

acl ntlmAuth proxy_auth REQUIRED

--------------------

This configuration worked fine, but those with NTLM (windows + IE / Firefox) were asked for authentication (that shouldn't happen). Those in Linux worked just fine (with an authentication dialog) and every site appears as it should be.


If I remove the basic authentication, those with windows (IE and Firefox) are NOT asked for authentication and those using Linux are asked for authentication (everything fine here). Here is the problem:

Those using Linux can't access (most) https sites. It just gives:

 TCP_DENIED/407 3833 CONNECT twitter.com:443 - NONE/- text/html

And nothing happens...

So I've decided to do an experiment.

In squid.conf, I've changed:

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

to 

http_access allow CONNECT SSL_ports

And suddenly all those https sites began working...

Well, my question is:

Is this correct? What would be happening with the other configuration? Is it safe?

Hope someone can shed some light on this matter.

Thank you all




-- 

	Use Open Source Software 
Human knowledge belongs to the world 
	Bruno Santos 
bvsantos@xxxxxxxxxxxxxxxxxx 
http://www.twitter.com/feiticeir0 
Tel: +351 962 753 053 
	Divisão de Informática 
informatica@xxxxxxxxxxxxxxxxxx 
Tel: +351 272 000 155 
Fax: +351 272 000 257 
	Unidade Local de Saúde de Castelo Branco, E.P.E. 
geral@xxxxxxxxxxxxxxxxxx 
Tel: +351 272 000 272 
Fax: +351 272 000 257 
	
Linux registered user #349448
	
LPIC-1 Certification
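
Added example (not part of the original post and not Squid's own code): a simplified Python model of Squid's first-match `http_access` evaluation, comparing the two CONNECT rules from the post. The `allow ntlmAuth` and `deny all` lines, `SSL_ports` being port 443 only, and the sample requests are assumptions, since the post does not show the rest of its `http_access` list.

```python
# Simplified model of Squid http_access evaluation (added example, not Squid code).
# Assumption: "http_access allow ntlmAuth" and "http_access deny all" follow the
# CONNECT rule; the post defines "acl ntlmAuth proxy_auth REQUIRED" but not its use.
SSL_PORTS = {443}  # assumption: "acl SSL_ports port 443"

def acl_matches(name, req):
    """Return True/False, or 'challenge' when credentials are needed but absent."""
    if name == "CONNECT":
        return req["method"] == "CONNECT"
    if name == "SSL_ports":
        return req["port"] in SSL_PORTS
    if name == "ntlmAuth":  # proxy_auth REQUIRED
        return True if req.get("user") else "challenge"
    if name == "all":
        return True
    raise ValueError(f"unknown acl {name}")

def http_access(rules, req):
    """First matching line decides; ACLs on one line are ANDed left to right."""
    for action, acls in rules:
        matched = True
        for acl in acls:
            negate = acl.startswith("!")
            result = acl_matches(acl.lstrip("!"), req)
            if result == "challenge":
                return "407"  # logged as TCP_DENIED/407, client must authenticate
            if result == negate:
                matched = False
                break
        if matched:
            return action
    return "deny"

ORIGINAL = [("deny", ["CONNECT", "!SSL_ports"]),
            ("allow", ["ntlmAuth"]), ("deny", ["all"])]
CHANGED = [("allow", ["CONNECT", "SSL_ports"]),
           ("allow", ["ntlmAuth"]), ("deny", ["all"])]

def audit(rules):
    """Decisions for four constructed requests; only the last carries credentials."""
    reqs = [{"method": "CONNECT", "port": 443},
            {"method": "CONNECT", "port": 25},
            {"method": "GET", "port": 80},
            {"method": "CONNECT", "port": 25, "user": "alice"}]
    return [http_access(rules, r) for r in reqs]

if __name__ == "__main__":
    print("original:", audit(ORIGINAL))
    print("changed: ", audit(CHANGED))
```

In this model the changed rule set allows CONNECT to port 443 before any `proxy_auth` ACL is evaluated, so those tunnels are never authenticated, and the port restriction on CONNECT no longer applies to authenticated users.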


