> I turned on log_mime_hdrs as you asked, and here's the output: > > 1098069200.802 1 10.0.1.8 TCP_DENIED/407 1747 GET > http://www.google.com/ - NONE/- text/html [Accept: image/gif, > image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, > application/vnd.ms-excel, application/msword, application/x-shockwave-flash, > */*\r\nAccept-Language: en-au\r\nCookie: > PREF=ID=17238ed846c9d38d:CR=1:TM=1096527005:LM=1096527005:S=kyLy_3fTUQxpLp2g > \r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR > 1.1.4322)\r\nHost: www.google.com\r\nProxy-Connection: Keep-Alive\r\n] > [HTTP/1.0 407 Proxy Authentication Required\r\nServer: > squid/2.5.STABLE6\r\nMime-Version: 1.0\r\nDate: Mon, 18 Oct 2004 03:13:20 > GMT\r\nContent-Type: text/html\r\nContent-Length: 1320\r\nExpires: Mon, 18 > Oct 2004 03:13:20 GMT\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED > 0\r\nProxy-Authenticate: Basic realm="Pandora Squid Test Proxy blah blah > blah"\r\nProxy-Authenticate: NTLM\r\n\r]
I hope if you use NTLM + BASIC authentication with winbind on samba then it will make one tcp_denied on access.log there when we start testing there. But authentication will generate requests there without fail there for that. Can you post successive logs from access.log there. You can turn off log_mime_hdrs there. > The dummy username used was "restricted" and the password was "password". > This user worked with basic auth after the NTLM auth failed. You can verify this as, by removing basic authentication and use only NTLM authentication. It will make one TCP_DENIED message, but web requests will be generated there on browser. Check this out. Regards Muthu --- =============== It is a "Virus Free Mail" =============== Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.777 / Virus Database: 524 - Release Date: 10/14/2004