[squid-users] mixing ntlm and non-ntlm auth

From: Gavin White <[email protected]>
Date: Wed, 1 Aug 2007 09:43:34 +0100

Hi,

I'm running 2.6.STABLE6 on RHEL4.5, and I have ntlm authentication
working via smb/winbind.

My problem is that I have a mixed client base of windows PCs, which
can do ntlm, and linux servers, which cannot. All the linux servers
are on their own IP network, 192.168.0.0/24, while the windows PCs are
in 192.168.0.1/24.

I would like to use ntlm auth for the windows PCs, and allow the linux
machines to use the proxy without ntlm authentication.

I have tried various combinations of acls, but I always end up in a
position where all requests succeed without authentication, or the
windows work but the linux clients fail with '407 authfail'.

My current config is:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
acl ntlmauth src 192.168.1.0/24
acl nonntlm src 192.168.0.0/24
acl AuthorizedUsers proxy_auth #with and without REQUIRED, no difference
http_access allow nonntlm
http_access allow AuthorizedUsers ntlmauth #have also tried 'ntlmauth
AuthorizedUsers '

Is this possible? Can I configure squid to require ntlm auth for some
source addresses, but not for others?

Thanks,

Gavin
Received on Wed Aug 01 2007 - 02:43:43 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Sep 01 2007 - 12:00:03 MDT