Re: [squid-users] Authentication Override

From: Brian Kirk <bekirk@dont-contact.us>
Date: Thu, 3 May 2007 17:34:12 -0400

OK, I have been trying various configurations in my squid.conf, and I am
sure that I was overcomplicating the issue. Here is a stripped-down
version in which I would like to use basic if NTLM fails, but it never
drops down to the basic authentication. I think that I am putting
probably a lot more in this than I need to get my point across, but if
I log into a machine locally and try to get to the Internet, it prompts
me, but doesn't seem to have the realm correct or use the basic
authentication. We have multiple domains, and when we use auth_param
basic program /opt/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-basic, users have to know their domain, and
some of our users aren't that bright:

cache_peer firewall.domain.com parent 8080 0 no-query default
emulate_httpd_log on

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of={SID of our Internet Group}
auth_param ntlm children 5
#auth_param basic program /opt/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic program /opt/squid/libexec/squid_ldap_auth -R -b "DC=domain,DC=com" -D "cn=Squid,OU=Service Accounts,DC=hdq,DC=domain,DC=com" -w "xxxxxx" -f sAMAccountName=%s -h directory.hdq.domain.com -p 3268
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

acl all src 0.0.0.0/0.0.0.0
acl authenticated_users proxy_auth REQUIRED
never_direct allow all
http_access allow authenticated_users
http_access deny all
http_reply_access allow all
icp_access allow all
Received on Thu May 03 2007 - 15:34:20 MDT
