[squid-users] auth squid2.5

From: Marco Berizzi <pupilla@dont-contact.us>
Date: Mon, 17 Jun 2002 14:46:59 +0200

Hi,

I have one question about the auth behaviour in squid-2.5

This is a piece of my squid.conf

auth_param ntlm program bla bla bla
auth_param ntlm children 10
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program bla bla bla
auth_param basic children 10
auth_param basic realm fu fu fu fu
auth_param basic credentialsttl 7200 seconds

acl all src 0.0.0.0/0.0.0.0
acl allowsite dstdomain "/etc/squid/allowSITE"
acl allowip dst "/etc/squid/allowIP"
acl password proxy_auth_regex -i "/etc/squid/allowuser"

reply_body_max_size 15000000 allow allowsite
reply_body_max_size 5000000 allow all

http_access allow allowsite
http_access allow allowip

delay_access 1 allow allowsite
delay_access 1 allow allowip
delay_access 1 deny all

http_access allow password
delay_access 2 allow all
http_access deny all

Now when users browse the internet they *must* have a
valid username/password (that are validated against a NT-Domain).
I don't understand why a not validated user can't browse the internet.
The entry:

http_access allow allowsite

I think should allow browse the internet (if acl allowsite permit)
without any password.

Could anybody explain this? Squid 2.4 with a similar squid.conf
hasn't this behaviour.

Really, my problem isn't the browsing. Some people need to connect
to server in the internet with Vi$ual Interdev (for example),
and M$-Interdev doesn't support both NTLM and/or plain tex: so
for them is impossible to connect.
With squid2.4 I have resolved this problem adding the URL to the
acl allowsite.
Same behaviour happens with Outlook Express/HotMail.
Any escape?

_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com
Received on Mon Jun 17 2002 - 06:48:01 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:42 MST