Whoops my copy and paste didn't go through so well. Below is formatted
properly
acl AuthorizedUsers proxy_auth REQUIRED
acl streaming_media browser -i
"/usr/local/squid-2.6STABLE13/etc/user_agent.conf"
http_access allow streaming_media
http_access allow AuthorizedUsers
I used to use wbinfo_group until I figured out how to match on groups
using the auth_param:
auth_param ntlm program /usr/local/samba-3.0.25a/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
--require-membership-of="CYGNET\\staff"
auth_param ntlm children 10
auth_param ntlm keep_alive on
If you use a http debugger on your traffic you can see the User Agent
string of the streaming media http request and then allow this traffic
through unauthenticated
Mat
-----Original Message-----
From: Mauricio Silveira [mailto:msilveira@linuxbr.com]
Sent: Wednesday, 8 August 2007 11:44 AM
To: Mathew Archibald
Subject: Re: [squid-users] FW: Allowing streaming media through NTLM
Authentication
Hi Mathew,
You're matching against authenticated users, I'm using it against
wbinfo_group.
Anyway this should work, such as "http_access allow streaming_media
Streaming_allow" (Streaming_allow is an external acl for matching
against a group into the AD server). I didn't notice that browser regex
was case-insensitive(is it?).
Maybe the definitive solution would be using some "trickery" with
req_mime_type, req_header, rep_mime_type options.
I'm Just getting tired of this matter.
Mauricio
Mathew Archibald wrote:
> Hi Guys
>
> I was able to work around this problem by matching on the streaming
> media's User Agent string. My squid.conf looks like this:
>
>
>
> And the user_agent.conf file looks like this:
>
> nsplayer
> windows-media-player
> quicktime
>
> Mat
>
> -----Original Message-----
> From: Gavin White [mailto:white.gavin@gmail.com]
> Sent: Tuesday, 7 August 2007 8:58 PM
> To: Plant, Dean
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] FW: Allowing streaming media through NTLM
> Authentication
>
> Hi Dean,
>
> how did you disable ntlm authentication? I want to allow certain
> clients to bypass ntlm auth based on their IP address.
>
> Thanks,
>
> Gavin
>
> On 8/7/07, Plant, Dean <dean.plant@roke.co.uk> wrote:
>
>> Mauricio Silveira wrote:
>>
>>> Hi!
>>>
>>> I'm somehow "Happy" I'm not alone with this problem...
>>>
>>> I'm having this problem since squid 2.6STABLE9... (ALWAYS)
>>>
>>> I've tried everything possible without success...
>>>
>>> Let's try to get some progress on this matter, I'll dedicate some
>>>
> time
>
>>> to this soon (still this week or the next at most)
>>>
>>> If you have any progress, please post it here.
>>>
>>> Let's be sure of the problem... try accessing these radios:
>>>
>>> http://www.radios.com.br/emissoras/transa_prpop.htm
>>> http://www.radios.com.br/emissoras/transa_sppop.htm
>>>
>>>
>>> The former uses http as protocol, so it will ask for user/password,
>>> the latter uses mms as protocol, so it won't ask for user/password.
>>>
>> I get the same results using squid-2.6.STABLE13-1.RHEL4.
>>
>> I have had to disable NTLM authentication (easy fix) for some sites
>>
> with
>
>> streaming media but to be honest I have not had the time to fully
>> investigate the cause.
>>
>> Dean
>>
>>
>>> As far as my small brain knows... that's mms that should be giving
>>> headaches, not the http one!
>>>
>>> Please post back if you get the same results, I have to show my boss
>>> I'm right, I'm not alone and i DO KNOW how to configure squid. :D
>>>
>>> I'll post here if I get it working, let's flame this discussion....
>>>
> I
>
>>> see everyone trying to get rid of streamings, but not trying to get
>>>
> it
>
>>> working without these "imperfections".
>>>
>>> Thanks,
>>>
>>> Mauricio
>>>
>>>
>>>> Hi
>>>>
>>>> Apologies if this has been discussed before but I couldn't find a
>>>> solution for my exact problem in the archives.
>>>>
>>>> I run Squid 2.6STABLE13 and have configured it to use NTLM
>>>> authentication for all client requests. This is working properly
>>>>
> for
>
>>>> standard traffic but I am hitting a problem with streaming media.
>>>>
>>>> I'm aware that most streaming media can't handle NTLM
>>>>
> authentication
>
>>>> automatically and therefore when a user tries to access streaming
>>>> media a login box pops up. I don't want the users being asked to
>>>> authenticate so I'm trying to come up with a solution to instruct
>>>> the proxy server to not authenticate the streaming media.
>>>>
>>>> I've tried matching on the streaming media mime types but ran into
>>>> the problem in that the mime type is in the response and not the
>>>> request and it is the request that is authenticated.
>>>>
>>>> Has anyone dealt with this issue before and how did you go about
>>>> allowing streaming media through an authenticated proxy?
>>>>
>>>> Regards,
>>>>
>>>> Mathew Archibald
>>>>
>
>
>
>
Received on Tue Aug 07 2007 - 22:42:59 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Sep 01 2007 - 12:00:03 MDT