2012/10/4 muno <muno@xxxxxxxxxxxxx>:
>
> Thanks Amos, but it doesn't work yet.
>
>>
>> You need an authentication test around about here somewhere
>> (with any ACL tests for non-auth'd visitors above it).
>>
>> acl authenticated proxy_auth REQUIRED
>>
>> http_access deny !authenticated
>
>
> Now I get a "Cache Access Denied" message.

That means you're probably not authenticating. Have you looked at cache.log? Access.log? Are you getting HTTP/417 Proxy auth required? Is your client responding properly (you can use wireshark to figure that out)? Is winbind working properly (does wbinfo -g or -u show all the AD groups/users)? Did you configure winbind/samba right? What happens when you try to use ntlm_auth from CLI? Do you succeed in authenticating (ntlm_auth --username=x --domain=y --diagnostics)?

And don't revert to basic over the internet, though NTLM is leaky as anything these days it's still less leaky than cleartext passwords on the wire (although as far as I understand it, it's close to cleartext these days).

Hope that helps,
Eli

> Any other clue?
>
> tks
>
> ----- Original Message -----
> From: Amos Jeffries <squid3@xxxxxxxxxxxxx>
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: Re: Squid3 reverse proxy ntlm authentication
> Date: Fri, 05 Oct 2012 01:17:15 +1300
>
>> On 5/10/2012 12:59 a.m., muno wrote:
>> > Thanks Amos,
>> >
>> > I understand the problems and I will analyze the
>> > alternative, but for a while I need to configure the
>> > reverse NTLM.
>> >
>> > My squid version is: squid 3.2.1
>> >
>> > The configuration file has an http_access allow. Sorry,
>> > but I forgot to copy it!
>> >
>> > Any suggestion?
>> >
>> > tks
>> > ________________________________________________________
>> >
>> > root@proxy:/usr/local/squid/etc# more squid.conf
>> >
>> <snip>
>> >
>> > http_access allow manager localhost
>> > http_access deny manager
>> > http_access deny !Safe_ports
>> > http_access deny CONNECT !SSL_ports
>>
>> You need an authentication test around about here somewhere
>> (with any ACL tests for non-auth'd visitors above it).
>>
>> acl authenticated proxy_auth REQUIRED
>>
>> http_access deny !authenticated
>>
>> > http_access allow localhost
>> > http_access allow admin
>> > http_access allow warp
>> > http_access allow uninet
>> > http_access allow xymon
>> > http_access deny all
>> >
>>
>> HTH
>> Amos
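
Added example, not part of the thread and not code from any poster or from the Squid project: since http_access rules are checked top-down and the first match decides, this small audit shows which allow rules sit above the `deny !authenticated` gate (reachable without credentials) and which sit below it. The function name `audit_auth_gate` is hypothetical and `SAMPLE_CONF` is constructed from the http_access lines quoted above with the two suggested lines inserted; the snipped ACL definitions are not needed for the ordering check.

```python
# Added example: locate the auth gate in Squid's http_access order.
# SAMPLE_CONF is constructed: the thread's http_access lines plus the two suggested lines.
SAMPLE_CONF = """\
acl authenticated proxy_auth REQUIRED
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny !authenticated
http_access allow localhost
http_access allow admin
http_access allow warp
http_access allow uninet
http_access allow xymon
http_access deny all
"""


def audit_auth_gate(conf_text):
    """Split http_access allow rules into those tested before and after the auth gate."""
    auth_acls, rules = set(), []
    for raw in conf_text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0] == "acl" and len(fields) >= 3 and fields[2] == "proxy_auth":
            auth_acls.add(fields[1])
        elif fields[0] == "http_access" and len(fields) >= 2:
            rules.append((fields[1], fields[2:]))  # (allow|deny, ACL terms)
    # Gate: the first rule of the exact form "http_access deny !<proxy_auth acl>".
    gate = next((i for i, (action, terms) in enumerate(rules)
                 if action == "deny" and len(terms) == 1
                 and terms[0].startswith("!") and terms[0][1:] in auth_acls), None)
    cut = len(rules) if gate is None else gate
    # Allow rules above the gate can match before any credentials are requested,
    # unless the rule itself names a proxy_auth ACL.
    before = [" ".join(t) for a, t in rules[:cut]
              if a == "allow" and not auth_acls.intersection(t)]
    after = [" ".join(t) for a, t in rules[cut + 1:] if a == "allow"]
    return {"gate_index": gate, "allow_without_auth": before, "allow_after_auth": after}


if __name__ == "__main__":
    report = audit_auth_gate(SAMPLE_CONF)
    print("auth gate at http_access rule index:", report["gate_index"])
    print("allowed without auth:", report["allow_without_auth"])
    print("allowed only after auth:", report["allow_after_auth"])
```

With no gate line present, every allow rule is reported under `allow_without_auth` and `gate_index` is `None`.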