[squid-users] RE: Integrated authentication with IE on Windows 2003

From: Nemallikanti, Venu <[email protected]>
Date: Wed, 6 Apr 2005 15:54:33 -0400

Here is my squid.conf. I went in and checked again; no Samba or Kerberos
is installed.

Venu

############## Start of squid.conf

shutdown_lifetime 5 seconds
icp_port 0

http_port 192.168.25.56:80

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_effective_user squid
cache_effective_group squid

pid_filename /var/run/squid.pid

cache_mem 2 MB
cache_dir aufs /var/log/cache 50 16 256

error_directory /usr/lib/squid/errors/English

cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
useragent_log /var/log/squid/useragent.log

strip_query_terms off

log_mime_hdrs off
forwarded_for off

auth_param ntlm program /usr/lib/squid/ntlm_auth CAMELOT/AD01 CAMELOT/AD01
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

acl for_inetusers proxy_auth REQUIRED

acl within_timeframe time MTWHFAS 00:00-24:00

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 800 # Squids port (for icons)

acl IPCop_http port 81
acl IPCop_https port 445
acl IPCop_ips dst 192.168.25.56
acl IPCop_networks src "/var/ipcop/proxy/advanced/acls/src_subnets.acl"
acl CONNECT method CONNECT

#Access to squid:
#local machine, no restriction
http_access allow localhost

#GUI admin if local machine connects
http_access allow IPCop_ips IPCop_networks IPCop_http
http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https

#Deny not web services
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

#Set custom configured ACLs
http_access allow IPCop_networks for_inetusers within_timeframe
http_access deny all

maximum_object_size 4096 KB
minimum_object_size 0 KB

request_body_max_size 0 KB
reply_body_max_size 0 allow all

visible_hostname ipcoptest.castlepointmortgage.com

############## End of squid.conf

-----Original Message-----
From: Nemallikanti, Venu
Sent: Tuesday, April 05, 2005 2:32 PM
To: Greg Scott; squid-users@squid-cache.org
Subject: RE: [squid-users] RE: Integrated authentication with IE on
Windows 2003

Hi,

I am able to authenticate against Windows 2003 AD if I am connecting
using IE on Windows 2000/XP. I get an authentication problem only when I
am using IE on Windows 2003.

The Squid proxy I am talking about is actually part of an IPCop
(LFS-based Firewall/Proxy solution) installation. I do not see Samba and
Kerberos installed.

Venu

-----Original Message-----
From: Greg Scott [mailto:GregScott@InfraSupport.com]
Sent: Tuesday, April 05, 2005 1:46 PM
To: Nemallikanti, Venu; squid-users@squid-cache.org
Subject: RE: [squid-users] RE: Integrated authentication with IE on
Windows 2003

Does this sound familiar to a skinny bald guy from Minnesota or what? I
just worked my way through this over the past several days. What version
of Kerberos and Samba are you using? You need krb1.3 or newer to work
with Win 2003 AD.

- Greg Scott

-----Original Message-----
From: Nemallikanti, Venu [mailto:vnemallikanti@ucasystems.com]
Sent: Tuesday, April 05, 2005 10:45 AM
To: squid-users@squid-cache.org
Subject: [squid-users] RE: Integrated authentication with IE on Windows
2003

Hi,

I am running a Squid proxy server with Windows AD authentication using
NTLM. When I set up Squid for integrated authentication mode I am not
able to go out on the internet using IE on Windows 2003, although I am
able to go out using IE on Windows 2000/XP. The error I am getting is
authentication failure. If I turn integrated authentication off, my
browser on Windows 2003 prompts me for a password and I am able to go
online. Can someone please help me fix this problem?

Thank You,
Venu
Received on Wed Apr 06 2005 - 13:54:57 MDT
