Dear, i’m using external helper in order to ban members according groups
against an Active Directory server.
Rule works as expected but banned users are asked indefenitively with an
authentication popup.
I have tested many ways but always a popup authentication is displayed to
the banned users...
I would like to only display a deny_info instead an authentication popup.
Is it possible to do that ?
Here it is the squid.conf..:
#NTLM authentication:
auth_param ntlm program
/usr/bin/ntlm_auth --domain=ABC.LAB --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 40 startup=10 idle=5
auth_param ntlm keep_alive on
#Basic authentication for other browser that did not supports NTLM:
auth_param basic program
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 30 startup=10 idle=5
auth_param basic realm ABC.LAB
auth_param basic credentialsttl 2 hours
external_acl_type ads_group ttl=3600 children-max=5 children-startup=1
children-idle=2 %LOGIN /usr/share/artica-postfix/external_acl_squid_ldap.php
#The external_acl_squid_ldap.php checks if the user is stored by a defined
group.
acl Banned external ads_group BannedUsers
#The Banned ACL checks if members are stored in BannedUsers group in the
Active Directory
# This deny the BannedUsers group..
http_access deny Banned
http_access allow AUTHENTICATED
http_access deny all
