Re: [squid-users] Restricting access to users logging onto windows domain

From: Tejpal Amin <tejpal.amin_at_gmail.com>
Date: Mon, 7 Sep 2009 11:44:38 +0530

Hi,

Any suggestions for my query?

On Wed, Sep 2, 2009 at 11:07 AM, Tejpal Amin<tejpal.amin_at_gmail.com> wrote:
> Hi Amos,
>
> You are correct, the NTLM auth is working in my configuration, the
> problem I have is that the users not logged onto the domain get a pop
> up window for authentication. These users can use valid credentials
> and access the site (eventhough they don't login to the domain).
> My aim is that the users not logging onto the domain should not be
> getting this authentiction Window , this will stop them from accessing
> the internet even if they have valid credentials.
>
> Regards
> Tej
>
> On Wed, Sep 2, 2009 at 5:36 AM, Amos Jeffries<squid3_at_treenet.co.nz> wrote:
>> On Tue, 1 Sep 2009 17:07:52 +0530, Tejpal Amin <tejpal.amin_at_gmail.com>
>> wrote:
>>> AMos,
>>>
>>> I tried putting this line in the conf file but it did not work.
>>>
>>> My aim is to stop users not logging onto my AD domain from accessing
>>> the internet.
>>> I have configured NTLM authentication for my squid but the issue is
>>> teh users not logging onto teh domain get a prompt for authentication.
>>>
>>> There should be no way of accessing teh internet for non domain users.
>>>
>>
>> Which is exactly what that line I gave you does.
>>
>> I assume when you said "squid throws up an authentication dialog box" that
>> you already had authentication working. This line replaces whatever you
>> currently have doing "deny !auth" in your config and causing the dialog box
>> to appear. The 'all' at the end of the line prevents the dialog being
>> requested by Squid.
>>
>> Amos
>>
>>
>>> Regards
>>> Tej
>>>
>>> On Tue, Sep 1, 2009 at 2:54 PM, Amos Jeffries<squid3_at_treenet.co.nz>
>> wrote:
>>>> Tejpal Amin wrote:
>>>>>
>>>>> HI,
>>>>>
>>>>> I have a squid proxy which uses NTLM authentication for authenticating
>>>>> users.
>>>>>
>>>>> I would like to restrict access only to users logging onto domain for
>>>>> the other users it should deny access.
>>>>> The problem I am facing is that for machines that are not joined to
>>>>> windows domain, the squid throws up an authentication dialog box.
>>>>
>>>> So you require authentication to use the proxy, but do not want Squid to
>>>> notify the browsers about this critical requirement?
>>>>
>>>>
>>>> http_access deny !auth all
>>>>
>>>> Where "auth" is whatever ACL name you have in your squid.conf to test
>>>> authentication.
>>>>
>>>>
>>>> Amos
>>>> --
>>>> Please be using
>>>> �Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>>>> �Current Beta Squid 3.1.0.13
>>>>
>>
>
Received on Mon Sep 07 2009 - 06:14:47 MDT

This archive was generated by hypermail 2.2.0 : Wed Sep 09 2009 - 12:00:02 MDT