Chris Robertson wrote:
-Original Message-
From: Oliver Hookins [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 10, 2005 1:15 PM
To: Henrik Nordstrom
Cc: squid-users@squid-cache.org; Chris Robertson
Subject: Re: [squid-users] Can't see usernames in logs after enabling
NTLM
Henrik
Chris Robertson wrote:
-Original Message-
From: Oliver Hookins [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 10, 2005 1:15 PM
To: Henrik Nordstrom
Cc: squid-users@squid-cache.org; Chris Robertson
Subject: Re: [squid-users] Can't see usernames in logs after enabling
NTLM
Henrik
On Thu, 10 Feb 2005, Oliver Hookins wrote:
1108019834.574 45 192.168.0.153 TCP_REFRESH_HIT/200 2524 GET
http://secure-uk.imrworldwide.com/v5.js epa\scottb NONE/- text/html
1108019834.684109 192.168.0.153 TCP_MISS/503 1353 GET
http://secure-uk.imrworldwide.com/cgi-bin/m? epa\scottb NONE/-
-Original Message-
From: Oliver Hookins [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 09, 2005 10:32 PM
To: squid-users@squid-cache.org
Cc: Chris Robertson
Subject: Re: [squid-users] Can't see usernames in logs after enabling
NTLM
Chris Robertson wrote:
http_access allow
Henrik Nordstrom wrote:
After that we have someone who IS in the LDAP group, is in the SURFING
IP range and is access a site that is also not in allowedsites. The
connection is denied and the username is not logged.
Here the browser did not agree on logging in to the proxy and hence the
On Fri, 11 Feb 2005, Oliver Hookins wrote:
This could be a problem. So any program that chooses not to authenticate, or
for some reason cannot authenticate (for example, it's not built-in) will be
denied access?
Yes, as Squid needs the username to evaluate the acl.
If we reversed the rules like
-Original Message-
From: Oliver Hookins [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 10, 2005 1:15 PM
To: Henrik Nordstrom
Cc: squid-users@squid-cache.org; Chris Robertson
Subject: Re: [squid-users] Can't see usernames in logs after enabling
NTLM
Henrik Nordstrom wrote
Chris Robertson wrote:
http_access allow AuthGroup
http_access allow SURFING
http_access allow allowedsites
http_access deny all
Will that do it, and grab authentication details for every request?
Thanks,
Oliver
Here is how I read your setup:
Everyone is prompted for authentication (which is
On Tue, 8 Feb 2005, Oliver Hookins wrote:
I've never quite understood it... hence my problem. Let me run this by you
though.
It's an ordered list of rules
http_access allow|deny acl AND acl AND ...
OR
http_access allow|deny acl AND acl AND ...
OR
On Tue, 8 Feb 2005, Oliver Hookins wrote:
http_access allow AuthGroup
http_access allow SURFING
http_access allow allowedsites
http_access deny all
Will that do it, and grab authentication details for every request?
Yes, but I would not recommend leaving allowedsites world open like this.
acl
Henrik Nordstrom wrote:
On Mon, 7 Feb 2005, Oliver Hookins wrote:
On my 2.5STABLE3 box I didn't explicitly have a http_access rule
referring to the proxy_auth. I had one referring to the
squid_ldap_group helper ACL though, and that seemed to work.
Correct.
Anyway here's the list of acl's and
-Original Message-
From: Oliver Hookins [mailto:[EMAIL PROTECTED]
Sent: Monday, February 07, 2005 2:42 PM
To: Henrik Nordstrom
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Can't see usernames in logs after enabling
NTLM
Henrik Nordstrom wrote:
On Mon, 7 Feb 2005
Chris Robertson wrote:
-Original Message-
From: Oliver Hookins [mailto:[EMAIL PROTECTED]
Sent: Monday, February 07, 2005 2:42 PM
To: Henrik Nordstrom
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Can't see usernames in logs after enabling
NTLM
Henrik Nordstrom wrote:
On Mon, 7
-Original Message-
From: Oliver Hookins [mailto:[EMAIL PROTECTED]
Sent: Monday, February 07, 2005 3:34 PM
To: Chris Robertson
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Can't see usernames in logs after enabling
NTLM
Chris Robertson wrote:
If you want all
Chris Robertson wrote:
-Original Message-
From: Oliver Hookins [mailto:[EMAIL PROTECTED]
Sent: Monday, February 07, 2005 3:34 PM
To: Chris Robertson
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Can't see usernames in logs after enabling
NTLM
Chris Robertson wrote:
If you want
Henrik Nordstrom wrote:
On Fri, 4 Feb 2005, Oliver Hookins wrote:
and then later on:
acl password proxy_auth REQUIRED
Have you also defined the required http_access rule using the password acl?
On my 2.5STABLE3 box I didn't explicitly have a http_access rule
referring to the proxy_auth. I had
On Mon, 7 Feb 2005, Oliver Hookins wrote:
On my 2.5STABLE3 box I didn't explicitly have a http_access rule referring to
the proxy_auth. I had one referring to the squid_ldap_group helper ACL
though, and that seemed to work.
Correct.
Anyway here's the list of acl's and http_access lines so maybe
On Fri, 4 Feb 2005, Oliver Hookins wrote:
and then later on:
acl password proxy_auth REQUIRED
Have you also defined the required http_access rule using the password
acl?
Regards
Henrik
OK I figured out the previous problem, the Squid-2.5STABLE7-Cerberian
RPM that I had installed didn't have --enable-auth=ntlm in there, only
basic. So I recompiled from 2.5STABLE7 source with basic and ntlm and my
modified configuration parsed ok.
But now that I have enabled the NTLM and have
19 matches
Mail list logo
