[squid-users] deny_info not working when use NTLM auth

From: Leonardo Dantas Oliveira <lodantas_at_gmail.com>
Date: Thu, 4 Feb 2010 02:55:56 -0300

Hello All,

I Have the following problem:

All NTLM authentication is working, the samba is working, and the krb5
(I am using ads). - (not the problem, yet)

Examples:

access.log with username ok (if I remove de deny acl, work without problems)
[root_at_maggie squid]# tail /var/log/squid/access.log
1265260503.633����� 0 172.21.1.10 TCP_DENIED/407 2721 GET
http://www.google.com.br/firefox? - NONE/- text/html
1265260503.645����� 2 172.21.1.10 TCP_DENIED/407 3011 GET
http://www.google.com.br/firefox? leo NONE/- text/html
1265260507.608����� 1 172.21.1.10 TCP_DENIED/407 3012 GET
http://www.google.com.br/firefox? - NONE/- text/html
1265260507.614����� 3 172.21.1.10 TCP_DENIED/407 3003 GET
http://www.google.com.br/firefox? leo NONE/- text/html
1265260789.788����� 2 172.21.1.10 TCP_DENIED/407 3002 GET
http://pt-br.fxfeeds.mozilla.com/pt-BR/firefox/headlines.xml - NONE/-
text/html
1265260791.388�� 1598 172.21.1.10 TCP_MISS/302 646 GET
http://pt-br.fxfeeds.mozilla.com/pt-BR/firefox/headlines.xml leo
DIRECT/63.245.209.93 text/html
1265260791.390����� 0 172.21.1.10 TCP_DENIED/407 2346 GET
http://www.estadao.com.br/rss/ultimas.xml? - NONE/- text/html

kerberos is ok:
[root_at_maggie squid]# kinit leo
Password for leo_at_mydomain.com.br
[root_at_maggie squid]#

wbinfo:
[root_at_maggie squid]# wbinfo -t
checking the trust secret via RPC calls succeeded
[root_at_maggie squid]#
wbinfo -u and -g get all users and groups.

My question is:

When I create a rule like this

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp

acl proxy_auth leo leo
deny_info ERR_ACCESS_DENIED leo
http_access deny leo

What happens, rather than show the access denied page, is asking user
and password (as basic mode, instead of NTLM), but I want to be shown
to Access Denied page (ERR_ACCESS_DENIED)!

I'm using Squid 3 with CentOS 5.4 (but I had the same problem with
ubuntu server 8.04 and squid 2.6)
[root_at_maggie usr]# rpm -qa | grep squid
squid-3.0.STABLE20-1.el5
[root_at_maggie usr]#

Thanks!

--
Leonardo Dantas
Natal - RN, Brasil.
Tel: +55 84 8865-7200
ICQ UIN 15073476
lodantas_at_gmail.com (MSN Messenger)
twitter: ldoliveira, skype lodantas007
http://www.linkedin.com/in/ldantas/
Received on Thu Feb 04 2010 - 05:56:23 MST

This archive was generated by hypermail 2.2.0 : Thu Feb 04 2010 - 12:00:04 MST