Hi. I have Squid 3.5 running over Debian 8.
I am using AD authentication. This is part of my squid.conf:
#auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=DOMAIN.com
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm keep_alive off
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Servidor proxy-cache de mi Dominio
auth_param basic credentialsttl 2 hours
external_acl_type AD_Grupos ttl=10 children=10 %LOGIN
/usr/lib/squid3/ext_wbinfo_group_acl -d
acl AD_Standard external Grupos_AD Standard
acl AD_Exceptuados external Grupos_AD Exceptuados
acl AD_Bloqueados external Grupos_AD Bloqueados
acl face url_regex -i "/etc/squid3/facebook"
acl gob url_regex -i "/etc/squid3/gubernamentales"
http_access allow AD_Standard
http_access allow AD_Exceptuados face
http_access allow AD_Exceptuados gob
http_access deny AD_Bloqueados
http_access deny all
When a users that belongs to AD_Bloqueados is asked for the AD user and
password (of course he/she needs one that belongs to AD_Standard or
AD_Exceptuados). When I try to use one of those users I cannot
authenticate correctly. the popup appears many times until I cancel it.
But sometimes it works. I use all the browsers to do the tests (IE,
Mozilla and the latest Chrome). With Chrome I get good results, but as I
said, it works sometimes.
Because sometimes I login with users not in the domain and I need to
access to internet, I cannot use the 'all' directive in the end of the
line of 'http_access deny AD_Bloqueados.'
I will appreciate a lot any help you can give me.
Sorry for my English. Thanks.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
