-----Original Message----- From: Oles Hnatkevych [mailto:[EMAIL PROTECTED] Sent: Monday, July 05, 2004 8:20 AM To: [EMAIL PROTECTED] Subject: [squid-users] squid+ntlm
Hello guys! The problem is NTLM usernames in multiple rules. Given: squid + NTLM authentication, unix. How do I use different login names in different ACLs? Example. acl all_users proxy_auth "/usr/local/etc/squid/ntlm_users.txt" acl restricted_users proxy_auth "/usr/local/etc/squid/restricted_users.txt" acl restricted_urls url_regex -i "/usr/local/etc/squid/restricted_urls.txt" http_access deny !all_users http_access deny restricted_users !restricted_urls http_access allow all The second "http_access" rule tries to authenticate user again. NTLM is a weird one scheme, the second authentication probe in the same request is denied. I have not found ACL that would match already authenticated users. How to manage it all? Thanks in advance! *************************************************** This is not the answer you're looking for, but rather another way to handle the situation. If you have domain admin rights on the NT PDC, then create new groups, either global or local, and assign the users to the groups. Then, using the squid wb_group helper, create your ACLs based on group, instead of user. -- david
