Re: [squid-users] Can't see usernames in logs after enabling NTLM

From: Oliver Hookins <ohookins@dont-contact.us>
Date: Tue, 08 Feb 2005 10:41:53 +1100

Henrik Nordstrom wrote:
> On Mon, 7 Feb 2005, Oliver Hookins wrote:
>
>> On my 2.5STABLE3 box I didn't explicitly have a http_access rule
>> referring to the proxy_auth. I had one referring to the
>> squid_ldap_group helper ACL though, and that seemed to work.
>
>
> Correct.
>
>> Anyway here's the list of ACLs and http_access lines so maybe you can
>> see what I'm doing wrong on the 2.5STABLE7:
>
>
>> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>> #
>> http_access allow allowedsites
>> http_access allow localhost
>> http_access allow SURFING
>> #
>> http_access allow AuthGroup
>> #
>
>
>
> See "Squid FAQ 10.1 Access Controls - Introduction" for an in-depth
> description of how http_access works.
>
> http://www.squid-cache.org/Doc/FAQ/FAQ-10.html

I've never quite understood it... hence my problem. Let me run this by
you though. If the request is for one of the allowedsites or from the
list of IP addresses in SURFING, the AuthGroup will never even be
touched so NTLM authentication is not activated?

So I should put http_access allow AuthGroup at the very top so that NTLM
authentication is forced on all requests. Then if the request is neither
from a user in the authorised LDAP group, or from an IP address in
SURFING, or to an allowedsite (or from localhost) it will be denied?

When does Squid decide if it needs to activate the proxy_auth password
required thing? During parsing of the configuration file or when a
request is made?

Regards,
Oliver
Received on Mon Feb 07 2005 - 16:42:03 MST
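
The following is an added example, not part of the original message and not Squid's own code: a simplified model of first-match http_access evaluation over the four rules quoted above, showing when a username is available for the access log. It assumes an implicit deny when no line matches and that credentials are only requested when an ACL needing them is evaluated at request time; the ACL contents (site, addresses, group member) are constructed.

```python
# Simplified model of first-match http_access evaluation (not Squid code).
RULES_FROM_POST = [("allow", "allowedsites"), ("allow", "localhost"),
                   ("allow", "SURFING"), ("allow", "AuthGroup")]
# Variant asked about in the message: the authenticated group rule first.
AUTH_FIRST = [RULES_FROM_POST[3]] + RULES_FROM_POST[:3]

# Constructed stand-ins for ACL definitions the post does not show.
ALLOWED_SITES = {"intranet.example"}
SURFING_IPS = {"192.0.2.10"}
GROUP_MEMBERS = {"alice"}

def acl_matches(name, req):
    """True/False, or "challenge" if credentials are needed but absent."""
    if name == "allowedsites":
        return req["host"] in ALLOWED_SITES
    if name == "localhost":
        return req["src"] == "127.0.0.1"
    if name == "SURFING":
        return req["src"] in SURFING_IPS
    if name == "AuthGroup":
        if req["user"] is None:
            return "challenge"
        return req["user"] in GROUP_MEMBERS
    raise KeyError(name)

def evaluate(rules, req):
    """Return (verdict, username available for the access log)."""
    logged_user = "-"
    for action, acl in rules:
        result = acl_matches(acl, req)
        if result == "challenge":
            return "407", "-"           # proxy authentication required
        if acl == "AuthGroup":
            logged_user = req["user"]   # identity known only from here on
        if result:
            return action, logged_user  # first matching line decides
    return "deny", logged_user          # assumed implicit deny

if __name__ == "__main__":
    req = {"host": "intranet.example", "src": "10.0.0.5", "user": "alice"}
    print("rules as posted:", evaluate(RULES_FROM_POST, req))
    print("AuthGroup first:", evaluate(AUTH_FIRST, req))
```

In this model a client at a SURFING address that presents no credentials is allowed by the rules as posted but receives a 407 once the AuthGroup line comes first.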
