[squid-users] Exclude embedded applications from ntlm auth

From: Olsson, Mattias <mattias.olsson@dont-contact.us>
Date: Fri, 7 Dec 2007 13:19:15 +0100

Hello!

I have a cluster of Squid servers integrated with my AD. IE and Firefox
is working most of the time. My biggest problem is that Windows Media
Player, Quicktime and other embedded players fails to auth against the
AD automaticly. I get a popup requesting my usename/password. This is
enoying and it will not work with our PKI2 cards. I dont know if its
possible to solve this problem with embedded players failing against
Squid/Kerberos/AD, so i was hoping for an work around meanwhile.

First, can it be done? Having embedded players automatically auth
against the AD...

If not, is it possible to make an exclution acl within squid? Maby on
mime type or application type / sort of traffic?

This is how i have configured squid, if you are comming from the
internal lan you have to auth...

auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Proxy Server AUTH
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
authenticate_cache_garbage_interval 10 seconds

acl MYNET proxy_auth REQUIRED src 192.168.0.0/255.255.0.0
http_access allow MYNET

Thanks for any kind of help!

Mvh / Kind regards

Mattias Olsson

Siemens AB
IT Solutions and Services AB

SE-171 95 Solna
Sweden

P: +46 8 730 6573 M:+46 70 629 1071
**************************************'******
Received on Fri Dec 07 2007 - 05:19:55 MST

This archive was generated by hypermail pre-2.1.9 : Tue Jan 01 2008 - 12:00:01 MST