On 5/10/2012 6:28 a.m., E.S. Rosenberg wrote:
2012/10/4 muno <muno@xxxxxxxxxxxxx>:
Thanks Amos, but it doesn't work yet.
You need an authentiction test around about here somewhere
(with any ACL tests for non-auth'd visitors above it).
acl authenticated proxy_auth REQUIRED
http_access deny !authenticated
Now I get a "Cache Access Denied" message.
That means you're probably not authenticating.
Have you looked at cache.log?
Access.log?
Are you getting HTTP/417 Proxy auth requiered?
er, "401 Authenticateion Required" response.
Is your client responding properly (you can use wireshark to figure that out)?
Is winbind working properly (does wbinfo -g or -u show all the AD
groups/users)?
Did you configure windbind/samba right? What happens when you try to
use ntlm_auth from CLI?
Do you succeed in authenticating (ntlm_auth --username=x --domain=y
--diagnostics)?
And don't revert to basic over the internet, though NTLM is leaky as
anything these days it's still less leaky then cleartext passwords on
the wire (although as far as I understand it it's close to cleartext
these days).
Hope that helps,
Eli
Amos
