I've got a Linux RH 7.2 box running squid 2.5stable1 with NTLM
authentication implemented as well which is working fine. So far so good...
However, I want to allow web access only to users belonging to a NT group
(called internet). In an earlier e-mail I was told to use the wb-group
external_acl helper which I did so I added the following lines to the
squid.conf file:
-- external_acl_type NT_global_group %LOGIN
/usr/local/squid/libexec/wb_group
-- acl ProxyUsers external NT_global_group internet
-- acl AuthorizedUsers proxy_auth REQUIRED
My rules look like this:
http_access allow AuthorizedUsers ProxyUsers
http_access deny all
With this setup every time I tried to surf I get the following error:
"Access Denied.
Access control configuration prevents your request from being allowed at
this time. Please contact your service provider if you feel this is
incorrect."
From the access.log
"1042667330.327 10 xxx.xxx.148.xxx TCP_DENIED/407 1762 GET
http://www.cromos.com.co/ - NONE/- text/html
1042667330.367 16 xxx.xxx.148.xxx TCP_DENIED/407 1770 GET
http://www.cromos.com.co/ - NONE/- text/html
1042667330.394 25 xxx.xxx.148.xxx TCP_DENIED/403 1407 GET
http://www.cromos.com.co/ vebogx101a\castanedaj NONE/- text/html"
If I remove "ProxyUsers" from the http_access rule my NTLM scheme works
again.(only authenticated users can surf the web)
What could be missing? Any ideas?
Jairo Castaņeda
Received on Wed Jan 15 2003 - 15:31:02 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:41 MST