Fixed using a 303 deny_info remote address
Thanks !!
-----Original Message-----
From: David Touzeau
Sent: Monday, January 07, 2013 6:10 PM
To: squid-users@xxxxxxxxxxxxxxx
Subject: ACL: remove Authentication popup
Dear, i’m using external helper in order to ban members according groups
against an Active Directory server.
Rule works as expected but banned users are asked indefenitively with an
authentication popup.
I have tested many ways but always a popup authentication is displayed to
the banned users...
I would like to only display a deny_info instead an authentication popup.
Is it possible to do that ?
Here it is the squid.conf..:
#NTLM authentication:
auth_param ntlm program
/usr/bin/ntlm_auth --domain=ABC.LAB --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 40 startup=10 idle=5
auth_param ntlm keep_alive on
#Basic authentication for other browser that did not supports NTLM:
auth_param basic program
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 30 startup=10 idle=5
auth_param basic realm ABC.LAB
auth_param basic credentialsttl 2 hours
external_acl_type ads_group ttl=3600 children-max=5 children-startup=1
children-idle=2 %LOGIN /usr/share/artica-postfix/external_acl_squid_ldap.php
#The external_acl_squid_ldap.php checks if the user is stored by a defined
group.
acl Banned external ads_group BannedUsers
#The Banned ACL checks if members are stored in BannedUsers group in the
Active Directory
# This deny the BannedUsers group..
http_access deny Banned
http_access allow AUTHENTICATED
http_access deny all