Try again.

-----Original Message-----
From: muno@xxxxxxxxxxxxx [mailto:muno@xxxxxxxxxxxxx]
Sent: Wednesday, October 03, 2012 4:54 PM
To: squid-users@xxxxxxxxxxxxxxx
Subject: Squid3 reverse proxy ntlm authentication
Importance: High

I need to configure Squid3 to authenticate via NTLM reverse proxy authentication.
I have installed and configured Squid, but the browser requires the password again and again.
Does anyone have a clue to help me?

Here is my configuration:

./configure --prefix=/usr/local/squid --exec_prefix=/usr/local/squid \
  --enable-ssl --enable-auth-ntlm="ntlm,basic" \
  --enable-basic-auth-helpers="winbind" \
  --enable-ntlm-auth-helpers="winbind" \
  --enable-external-aclhelpers="winbind_group,wbinfo_group" \
  --enable-delay-pools --enable-removal-policies --enable-underscores \
  --enable-cache-digests --disable-ident-lookups --enable-truncate \
  --with-winbind-auth-challenge

------------------------------- squid.conf

### pure ntlm authentication
auth_param ntlm program /usr/lib/squid/ntlm_auth
auth_param ntlm children 10
auth_param ntlm keep_alive off

### provide basic authentication via ldap for clients not authenticated via kerberos/ntlm
#auth_param basic program /usr/lib/squid3/squid_ldap_auth -R -b "dc=example,dc=local" -D squid@example.local -W /etc/squid3/ldappass.txt -f sAMAccountName=%s -h dc1.example.local
#auth_param basic children 10
#auth_param basic realm Internet Proxy
#auth_param basic credentialsttl 1 minute

acl warp dstdomain warpx.uninet.com.br
acl xymon dstdomain monitorx.uninet.com.br
acl uninet dstdomain www.uninet.com.br
acl admin src 200.220.1.0/24
acl admin src 200.220.102.0/24
acl unisys src 129.222.0.0/16
acl unisys src 129.224.0.0/16
acl unisysvpn src 172.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_port 80 accel
https_port 443 accel cert=/usr/local/squid/CA/cacert.pem key=/usr/local/squid/CA/cakey.pem

cache_peer 200.220.0.103 parent 80 0 no-query no-digest connection-auth=on originserver proxy-only no-netdb-exchange login=PASS name=warpsite
cache_peer_access warpsite allow warp
cache_peer 200.220.0.139 parent 443 0 no-query no-digest originserver login=PASS ssl sslflags=DONT_VERIFY_PEER name=xymonsite
cache_peer_access xymonsite allow xymon
cache_peer 200.220.0.120 parent 80 0 no-query no-digest originserver name=uninetsite
cache_peer_access uninetsite allow uninet

#http_access allow all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all

coredump_dir /var/spool/squid3
cache deny all

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:             1440  20%  10080
refresh_pattern ^gopher:          1440  0%   1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%   0
refresh_pattern .                 0     20%  4320

cache_effective_user proxy

-----------------

thanks
Emilio