Re: [squid-users] Fwd: Problems with NTLM authentication
On Tue, 2014-10-07 at 20:50 +0200, Marcel wrote:
> Hello,
>
> I have some more information. The problem seems to have nothing to do with samba, krb5 or anything else. I set up a new squid that isn't in the AD and doesn't use any kind of authentication at all. I have the exact same problem.
>
> Here is my POC squid.conf:
>
> acl localnet src all
> http_access allow all
> http_port 3128
>
> That is the entire configuration in my tests. As you can see, it is absolutely impossible for it to be a configuration issue.
>
> Why can't I log on to an NTLM-protected website with Internet Explorer when going over a squid proxy? It works fine in Firefox.
>
> -- Forwarded message --
> From: foggle lord@gmail.com
> Date: 7 October 2014 18:10
> Subject: [squid-users] Problems with NTLM authentication
> To: squid-users@lists.squid-cache.org
>
> Hello,
>
> I have set up a squid proxy that uses samba/ntlm/krb5 to do SSO AD authentication in the company. This works fine.
>
> My problem is that external websites on the Internet that use NTLM authentication of their own do not work. My users enter their details (DOMAIN\user and password) and receive authentication failure messages.
>
> Interestingly enough, this (almost) only occurs in Internet Explorer. The same sites work fine with Firefox.
>
> Thank you in advance for your much needed help.
>
> --
> View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Problems-with-NTLM-authentication-tp4667742.html
> Sent from the Squid - Users mailing list archive at Nabble.com.

not something that squid would be affecting, as squid has nothing to do with the auth to the website.

Tools - Internet Options - Advanced tab: scroll down until you Security. Under Security, check the Enable Integrated Windows Authentication* check box, and restart your browser.

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Error page for failed authentication
Hello,

I am setting up my squid to require user authentication with a digest. I have noticed that if authentication fails, it prompts the user again, and if the user clicks cancel then squid just refuses the connection.

I am wondering if it is possible to change the behavior so that if authentication fails or the user clicks cancel squid instead redirects the user to an authentication failure page. Is this possible using the squid config file? What would be the best way of approaching this problem?

Thanks in advance.

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Error-page-for-failed-authentication-tp4667750.html

Re: [squid-users] https issues for google
Not sure about turning off the proxy authentication, this would be hard to test as the issue is intermittent. The same with logging as I need to capture the issue.

Thanks,
Glenn

-Original Message-
From: Victor Sudakov [mailto:suda...@sibptus.tomsk.ru]
Sent: Tuesday, 7 October 2014 7:47 PM
To: Glenn Groves
Cc: squid-us...@squid-cache.org
Subject: Re: [squid-users] https issues for google

glenn.gro...@bradnams.com.au wrote:
> We have a weird issue where https sites apparently don't respond (get message this page can't be displayed). This mainly affects google websites and to a lesser affect youtube.

But if you switch off proxy authentication, https sites start working, right?

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru

Re: [squid-users] Squid, Kerberos and FireFox (Was: Re: leaking memory in squid 3.4.8 and 3.4.7.)
On 10/08/2014 06:29 AM, Victor Sudakov wrote:
> Markus, I could find the said script neither in the source nor in the binary package. However I think I can guess what could be inside. Could you look below if that makes sense?

Or you can just look at the source code:
http://bazaar.launchpad.net/~squid/squid/3.4/view/head:/helpers/negotiate_auth/kerberos/test_negotiate_auth.sh

Eliezer

Re: [squid-users] squid ipv6 outgoing addresses from ipv4 incoming traffic
It should work, I recently used exactly that type of config with a client.

Can you try to use the latest stable (3.4.8) please, and add debug_options, 28,3 to your squid.conf for a trace of what ACLs are being checked.

Amos

On 8/10/2014 9:53 a.m., Ahmed Allzaeem wrote:
> I just have one final question. I want to use tcp outgoing ipv6 based on user authentication.
>
> I mean:
> if user A ==ipv61
> if user B ==ipv62
> and so on.
>
> Actually I had tried but no luck. I have two users (Drvirus) (drx), all the time they go out from
>
> I have configured ACL user access but not sure if I'm wrong!
>
> Those users are stored in etc/squid/squid_user
> I created two of them here!
>
> So now I use port 64000 and enter users drvirusx drx but both go out from 2a01:7e00:e000:eb::
>
> I believe they should go out from
> 2a01:7e00:e000:eb::
> 2a01:7e00:e000:eb::
>
> Can you have a look when you have time?
>
> Here is my last config
> =
> auth_param basic children 20
> auth_param basic realm Linux Class
> auth_param basic program /lib/squid/basic_ncsa_auth /etc/squid/squid_user
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
> ###
> acl classx proxy_auth REQUIRED
> http_access allow classx
> # Recommended minimum configurat
> # Squid normally listens to port 3128
> http_port xxx:64000
> ###users acls###
> acl drvirus note user drvirus
> acl drx note user drx
> # Uncomment and adjust the following to add a disk cache directory.
> #cache_dir ufs /var/cache/squid 100 16 256
> # Leave coredumps in the first cache dir
> tcp_outgoing_address 2a01:7e00:e000:eb:: drvirus
> tcp_outgoing_address 2a01:7e00:e000:eb:: drx
> ===