On 02/08/12 19:32, Usuário do Sistema wrote:
I have done some tests and regardless of the direct come the request the proxy always pop up authentication. maybe there is any way to hacker the authentication....but how to?
Uhm - yes, it will pop up an auth prompt for anyone that *isn't* logged into your domain. The way NTLM is supposed to work is that you only have to log on to the domain in Windows and then you should be able to browse *without* entering credentials. That is, if you've done it right including the Samba/Winbind stuff.
What you are saying in combination with your logs (ie you see "MISS" from the internet IPs rather then just "DENIED") suggests at least one of your domain accounts has been compromised, possibly by brute-forcing the proxy login. How strong were your passwords?
I fear you may now have a whole other mess on your hands, ie figuring out just what has been compromised and how to fix it - which is beyond the scope of this list if it is true.
I suggest you post your whole squid.conf here so we can look at it. Good luck.
Alex
