Hello together,
I'm new on this list therefore I want to introduce myself shortly. My
Name is Christian and I'm working in a IT department.
Currently I'm setting up a squid3 (3.1.20-2.2) proxy connected with the
MS ActiveDirectory. Kerberos, NTLM and Basic authentication are already
working fine.
Now I've problems to set up the acls. Computer and users which are
member of the domain have no problems to authenticate.
But when I use a computer, which is not part of the ActiveDirectory the
auth dialog pops up again and again. I've tried it with firefox,
internet explorer and google chrome. With firefox I've to type in the
credentials for every request. For google.com it means 10 times or so.
With IE and Google Chrome the user can't authenticate even if the
credentials are correct.
Concerning the acls I use the following:
# Authentication required, otherwise Pop-Up
acl Authenticated_Users proxy_auth REQUIRED
http_access deny !Authenticated_Users
acl Internet_Users external ldap_group Internet_Users
http_access allow Internet_Users
http_access deny all
Under http://wiki.squid-cache.org/Features/Authentication I've read the
part about auth loops. But I'm not sure if I've understood them
correctly. My understanding is that an acl which based on proxy_auth,
proxyauth_regex, or an external using %LOGIN shouldn't be the last entry
in http_access like I've done it above. But then the following example
should be correct:
acl Authenticated_Users proxy_auth REQUIRED
acl dummy_acl src 254.254.254.254/32
http_access deny !Authenticated_Users dummy_acl
http_access allow Authenticated_Users all
http_access deny all
Is there anything other that I'm doing wrong? I am grateful for any
help.
