Re: [squid-users] Restricting access to users logging onto windows domain
Tejpal Amin wrote:
> Hi,
>
> Any suggestions for my query?

The same suggestion that has been given a couple times but either missed or ignored. I'll quote it for emphasis...

On Tue, Sep 1, 2009 at 2:54 PM, Amos Jeffries squ...@treenet.co.nz wrote:
> http_access deny !auth all
>
> Where auth is whatever ACL name you have in your squid.conf to test authentication.

On Wed, Sep 2, 2009 at 5:36 AM, Amos Jeffries squ...@treenet.co.nz wrote:
> I assume when you said squid throws up an authentication dialog box that you already had authentication working. This line replaces whatever you currently have doing deny !auth in your config and causing the dialog box to appear.

Here's the really important bit...

> The 'all' at the end of the [http_access] line prevents the dialog being requested by Squid.
>
> Amos

Chris
Re: [squid-users] Restricting access to users logging onto windows domain
Hi,

Any suggestions for my query?

On Wed, Sep 2, 2009 at 11:07 AM, Tejpal Amin tejpal.a...@gmail.com wrote:
> Hi Amos,
>
> You are correct, the NTLM auth is working in my configuration, the problem I have is that the users not logged onto the domain get a pop up window for authentication. These users can use valid credentials and access the site (even though they don't login to the domain).
>
> My aim is that the users not logging onto the domain should not be getting this authentication window, this will stop them from accessing the internet even if they have valid credentials.
>
> Regards
> Tej
>
> On Wed, Sep 2, 2009 at 5:36 AM, Amos Jeffries squ...@treenet.co.nz wrote:
>> On Tue, 1 Sep 2009 17:07:52 +0530, Tejpal Amin tejpal.a...@gmail.com wrote:
>>> Amos,
>>>
>>> I tried putting this line in the conf file but it did not work.
>>>
>>> My aim is to stop users not logging onto my AD domain from accessing the internet. I have configured NTLM authentication for my squid but the issue is the users not logging onto the domain get a prompt for authentication.
>>>
>>> There should be no way of accessing the internet for non-domain users.
>>
>> Which is exactly what that line I gave you does.
>>
>> I assume when you said squid throws up an authentication dialog box that you already had authentication working. This line replaces whatever you currently have doing deny !auth in your config and causing the dialog box to appear.
>>
>> The 'all' at the end of the line prevents the dialog being requested by Squid.
>>
>> Amos
>>
>>> Regards
>>> Tej
>>>
>>> On Tue, Sep 1, 2009 at 2:54 PM, Amos Jeffries squ...@treenet.co.nz wrote:
>>>> Tejpal Amin wrote:
>>>>> Hi,
>>>>>
>>>>> I have a squid proxy which uses NTLM authentication for authenticating users. I would like to restrict access only to users logging onto domain; for the other users it should deny access.
>>>>>
>>>>> The problem I am facing is that for machines that are not joined to windows domain, the squid throws up an authentication dialog box.
>>>>
>>>> So you require authentication to use the proxy, but do not want Squid to notify the browsers about this critical requirement?
>>>>
>>>> http_access deny !auth all
>>>>
>>>> Where auth is whatever ACL name you have in your squid.conf to test authentication.
>>>>
>>>> Amos
>>>> --
>>>> Please be using
>>>>   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>>>>   Current Beta Squid 3.1.0.13
Re: [squid-users] Restricting access to users logging onto windows domain
Tejpal Amin wrote:
> Hi,
>
> I have a squid proxy which uses NTLM authentication for authenticating users. I would like to restrict access only to users logging onto domain; for the other users it should deny access.
>
> The problem I am facing is that for machines that are not joined to windows domain, the squid throws up an authentication dialog box.

So you require authentication to use the proxy, but do not want Squid to notify the browsers about this critical requirement?

http_access deny !auth all

Where auth is whatever ACL name you have in your squid.conf to test authentication.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
  Current Beta Squid 3.1.0.13
Re: [squid-users] Restricting access to users logging onto windows domain
Amos,

I tried putting this line in the conf file but it did not work.

My aim is to stop users not logging onto my AD domain from accessing the internet. I have configured NTLM authentication for my squid but the issue is the users not logging onto the domain get a prompt for authentication.

There should be no way of accessing the internet for non-domain users.

Regards
Tej

On Tue, Sep 1, 2009 at 2:54 PM, Amos Jeffries squ...@treenet.co.nz wrote:
> Tejpal Amin wrote:
>> Hi,
>>
>> I have a squid proxy which uses NTLM authentication for authenticating users. I would like to restrict access only to users logging onto domain; for the other users it should deny access.
>>
>> The problem I am facing is that for machines that are not joined to windows domain, the squid throws up an authentication dialog box.
>
> So you require authentication to use the proxy, but do not want Squid to notify the browsers about this critical requirement?
>
> http_access deny !auth all
>
> Where auth is whatever ACL name you have in your squid.conf to test authentication.
>
> Amos
> --
> Please be using
>   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>   Current Beta Squid 3.1.0.13
Re: [squid-users] Restricting access to users logging onto windows domain
Tue 2009-09-01 at 17:07 +0530, Tejpal Amin wrote:
> My aim is to stop users not logging onto my AD domain from accessing the internet.

I am afraid that is not possible. At the HTTP level (what Squid sees) there is no difference between clients logging on automatically due to having cached credentials from a domain logon or manually by entering the credentials in a browser login box. Both are domain logons, differing only in how the client got the logon information.

MAYBE it's possible with some domain policy settings, but I would not think so.

Regards
Henrik
Re: [squid-users] Restricting access to users logging onto windows domain
On Tue, 1 Sep 2009 17:07:52 +0530, Tejpal Amin tejpal.a...@gmail.com wrote:
> Amos,
>
> I tried putting this line in the conf file but it did not work.
>
> My aim is to stop users not logging onto my AD domain from accessing the internet. I have configured NTLM authentication for my squid but the issue is the users not logging onto the domain get a prompt for authentication.
>
> There should be no way of accessing the internet for non-domain users.

Which is exactly what that line I gave you does.

I assume when you said squid throws up an authentication dialog box that you already had authentication working. This line replaces whatever you currently have doing deny !auth in your config and causing the dialog box to appear.

The 'all' at the end of the line prevents the dialog being requested by Squid.

Amos

> Regards
> Tej
>
> On Tue, Sep 1, 2009 at 2:54 PM, Amos Jeffries squ...@treenet.co.nz wrote:
>> Tejpal Amin wrote:
>>> Hi,
>>>
>>> I have a squid proxy which uses NTLM authentication for authenticating users. I would like to restrict access only to users logging onto domain; for the other users it should deny access.
>>>
>>> The problem I am facing is that for machines that are not joined to windows domain, the squid throws up an authentication dialog box.
>>
>> So you require authentication to use the proxy, but do not want Squid to notify the browsers about this critical requirement?
>>
>> http_access deny !auth all
>>
>> Where auth is whatever ACL name you have in your squid.conf to test authentication.
>>
>> Amos
>> --
>> Please be using
>>   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>>   Current Beta Squid 3.1.0.13
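
The rule from Amos's replies placed in a surrounding squid.conf, as an added configuration example that is not part of the thread or of anyone's actual config: the helper path, the child count and the two closing http_access lines are assumptions, and `auth` is the ACL name used in the thread. Per Henrik's reply, this affects only whether Squid requests the dialog; at the HTTP level it does not distinguish a cached domain logon from credentials typed by hand.

```conf
# Added example, not from the thread. Helper path and child count are assumptions.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10

# "auth" is the ACL name used in the thread; REQUIRED matches any user the helper accepts.
acl auth proxy_auth REQUIRED

# Before: the kind of rule Amos says is causing the dialog box
# (the authentication ACL is the last ACL on the deny line).
# http_access deny !auth

# After: the replacement line from the thread. Per Amos, the trailing 'all'
# prevents the dialog being requested by Squid.
http_access deny !auth all

# Assumed remainder of the rule set: allow what passed the check, deny the rest.
http_access allow auth
http_access deny all
```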
[squid-users] Restricting access to users logging onto windows domain
Hi,

I have a squid proxy which uses NTLM authentication for authenticating users. I would like to restrict access only to users logging onto domain; for the other users it should deny access.

The problem I am facing is that for machines that are not joined to windows domain, the squid throws up an authentication dialog box.

Please advise on how to stop this pop up.

Regards,
Tejpal Amin