Re: [squid-users] NTLM authentication login popups

From: Kinkie <gkinkie_at_gmail.com>
Date: Thu, 19 Aug 2010 18:09:21 +0200

Sorry, you are right.
You need to

acl ntlmauth proxy_auth REQUIRED
http_access allow ntlmauth
http_access deny all

This is a very simplicistic configuration though, please check
squid.conf.documented for a more security-sensitive setup.

On Thu, Aug 19, 2010 at 5:46 PM, Tuan Nguyen <ug32tqn_at_googlemail.com> wrote:
> If I make that change everything will be denied and nothing will be
> passed to the NTLM authenticator. Thanks.
>
> On Thu, Aug 19, 2010 at 4:18 PM, Kinkie <gkinkie_at_gmail.com> wrote:
>> On Thu, Aug 19, 2010 at 4:45 PM, Tuan Nguyen <ug32tqn_at_googlemail.com> wrote:
>>> http://wiki.squid-cache.org/Features/Authentication#How_do_I_prevent_Login_Popups.3F
>>>
>>> I have followed the above instruction but still getting login popups.
>>> Basically I'm trying to force "Access Denied" page displayed to
>>> unauthenticated users instead of the popup. Any help would be much
>>> appreciated. Thanks.
>>>
>>> squid.conf:
>>> ...
>>> acl ntlmauth proxy_auth REQUIRED
>>> http_access deny ntlmauth all
>>
>> If you change this to
>> http_access deny all
>>
>> users failing to successfully authenticate at the first attempt will
>> get no login popups.
>> They will still get login popups if:
>> - the client is not joined to a domain
>> - the client is configured not to attempt automatica authentication to the proxy
>> - the clients is not MSIE or Firefox (not sure about other browsers)
>>
>> --
>>     /kinkie
>>
>

-- 
    /kinkie
Received on Thu Aug 19 2010 - 16:09:27 MDT

This archive was generated by hypermail 2.2.0 : Thu Aug 19 2010 - 12:00:02 MDT