Re: [squid-users] NTLM/Basic Authentication problem with blocked user

From: Henrik Nordstrom <[email protected]>
Date: Tue, 04 Feb 2003 21:43:00 +0100

You may need to list the user both with and without domain name (the acl
matches the name exacly as typed in the login box).

Also, keep in mind that Squid by default is case sensitive. See the
proxy_auth acl documentation for details.

Regards
Henrik

Chris & Val Bamber wrote:
>
> Hi,
>
> I have implemented NTLM and it works very nice. We have a well Know
> public user on our network which I want to block completely from
> anything.
>
> If the user logs on and launches Internet Explorer then all that is
> presented the Username/logon banner and despite entering the correct
> password the user never gets access.
>
> If I launch Netscape from a UNIX box then basic authentication takes
> over (I am assuming this!) and not NTLM. If I enter the Same
> username/password which is blocked then the user is allowed access!!
>
> My squid.conf file
>
> Acl UnauthorisedUser proxy_auth MyDomain\BlockedUser
> Acl AuthorisedUsers proxy_auth REQUIRED
>
> Http_access deny unauthorisedUser
> Http_access allow AuthorisedUsers
>
> I looked at the FAQ and noticed the following example.
>
> acl USER1 proxy_auth Dick
> acl USER2 proxy_auth Jane
> acl DAY time 06:00-18:00
> http_access allow USER1 DAY
> http_access deny USER1
> http_access allow USER2 !DAY
> http_access deny USER2
>
> Does this mean I should switch allow and deny rules around.
>
> Thanks
> Chris
Received on Tue Feb 04 2003 - 13:44:47 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:14 MST