I am not so sure that it is a ntlm_auth problem as I have squidguard logging all destinations that fail and the log that it produces contains the correct username:
2003-09-23 19:43:12 [309] Request(AllDayUsers/bl_ads/-) http://ad.uk.doubleclick.net/adj/homepage.ukmnhp/;sz=468x60;ord=511511319616 7302? 192.168.1.219/- charlieg\charlie grosvenor 2003-09-23 19:43:12 [309] Request(AllDayUsers/bl_ads/-) http://global.msads.net/ads/9176/0000009176_000000000000000023900.gif 192.168.1.219/- charlieg\charlie grosvenor 2003-09-23 19:43:13 [309] Request(AllDayUsers/bl_ads/-) http://view.atdmt.com/REP/view/msnkxo2s02100129rep/direct/01/ 192.168.1.219/- charlieg\charlie grosvenor What it is not doing it seems is passing the correct username to the cgi script it is passing charlieg\\charlie instead of charlieg\\charlie grosvenor. Does any body have an ideas? In my squid access log it writes the username as charlieg\charlie%20grosvenor does any body know if this is the correct behaviour for usernames with spaces. I use sarg to generate reports and it is causing problems as the web browser translates %20 as a space and then the web server is looking for a file with a space not a %20. Thank you Charlie -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Foxton Sent: 23 September 2003 11:26 To: Charlie Grosvenor Cc: [EMAIL PROTECTED] Subject: Re: Usernames with spaces I found that problam and the only way I found around it was to use smb_auth and edit the source (as per information from the developer). Maybe emailing the guy who is responsible for ntlm_auth would yield results? Regards Phil On Tue, 2003-09-23 at 06:51, Charlie Grosvenor wrote: > I have squid requiring users to authenticate using an nt domain using > ntlm_auth. All the users on the nt domain are in the form Firstname > Lastname, e.g. "charlie grosvenor". I wish to use squidguard to > disallow access to certain sites and to restrict some users internet > access to certain parts of the day. The problem is that squidguard > only seems to pass the first part of the username to: > > redirect > http://192.168.1.250/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=% > n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u > > for apache logs says: > > 192.168.1.250 - - [21/Sep/2003:12:45:29 +0100] "GET > /cgi-bin/squidGuard.cgi?clientaddr=192.168.1.250&clientname=proxy.internal.t estdomain.co.uk&clientuser=charlieg\\charlie&clientgroup=AllDayUsers&targetg roup=bl_ads&url=http://solair.eunet.yu/ HTTP/1.0" 403 2622 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)" > > the username is "charlieg\\charlie grosvenor" not "charlieg\\charlie" > > Is there any way around this problem? > > Thank you > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.520 / Virus Database: 318 - Release Date: 18/09/2003 -- Phil Foxton Group Systems Manager +44 7966 336218 +44 1908 635400 --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.520 / Virus Database: 318 - Release Date: 18/09/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.520 / Virus Database: 318 - Release Date: 18/09/2003
