Re: [squid-users] mixing ntlm and non-ntlm auth

From: Chris Robertson <crobertson@dont-contact.us>
Date: Thu, 09 Aug 2007 16:59:19 -0800

Gavin White wrote:
> Hi,
>
> I'm running 2.6.STABLE6 on RHEL4.5, and I have ntlm authentication
> working via smb/winbind.
>
> My problem is that I have a mixed client base of windows PCs, which
> can do ntlm, and linux servers, which cannot. All the linux servers
> are on their own IP network, 192.168.0.0/24, while the windows PCs are
> in 192.168.0.1/24.
>
> I would like to use ntlm auth for the windows PCs, and allow the linux
> machines to use the proxy without ntlm authentication.
>
> I have tried various combinations of acls, but I always end up in a
> position where all requests succeed without authentication, or the
> windows work but the linux clients fail with '407 authfail'.
>
> My current config is:
>
> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> acl ntlmauth src 192.168.1.0/24
> acl nonntlm src 192.168.0.0/24
>
acl mynet src 192.168.0.0/23
> acl AuthorizedUsers proxy_auth #with and without REQUIRED, no difference
> http_access allow nonntlm
> http_access allow AuthorizedUsers ntlmauth #have also tried 'ntlmauth AuthorizedUsers'
>
> Is this possible? Can I configure squid to require ntlm auth for some
> source addresses, but not for others?
>

http_access deny ntlmauth !AuthorizedUsers # Prevent the 192.168.1.0/24 netblock from surfing without authentication
http_access allow mynet # Allow my network to use the proxy
http_access deny all # Keep the riff-raff out

> Thanks,
>
> Gavin
>

Chris
Received on Thu Aug 09 2007 - 18:59:36 MDT
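
The following is an added example, not part of the original thread or of Squid itself: a simplified Python model of how the three http_access lines in the reply are evaluated (lines in order, ACLs on a line left to right, first fully matching line decides). It assumes AuthorizedUsers is defined as `proxy_auth REQUIRED`; the client addresses and the user name are constructed.

```python
import ipaddress

# Source ACLs from the thread. AuthorizedUsers is assumed to be
# "proxy_auth REQUIRED" (matches any successfully authenticated user).
SRC_ACLS = {
    "ntlmauth": ipaddress.ip_network("192.168.1.0/24"),
    "mynet": ipaddress.ip_network("192.168.0.0/23"),
    "all": ipaddress.ip_network("0.0.0.0/0"),
}

# The http_access lines from the reply, in order.
RULES = [
    ("deny", ["ntlmauth", "!AuthorizedUsers"]),
    ("allow", ["mynet"]),
    ("deny", ["all"]),
]

class NeedCredentials(Exception):
    """A proxy_auth ACL was tested but the request carries no login."""

def acl_matches(name, src, user):
    if name == "AuthorizedUsers":
        if user is None:
            raise NeedCredentials  # modelled as a 407 challenge
        return True
    return ipaddress.ip_address(src) in SRC_ACLS[name]

def http_access(src, user=None, rules=RULES):
    """Return 'allow', 'deny' or '407' for one request (simplified model)."""
    try:
        for action, acls in rules:
            for acl in acls:
                negate = acl.startswith("!")
                if acl_matches(acl.lstrip("!"), src, user) == negate:
                    break  # this ACL failed; the rest of the line is skipped
            else:
                return action  # every ACL on the line matched
    except NeedCredentials:
        return "407"
    # No line matched: Squid applies the opposite of the last line's action.
    return "allow" if rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    # Constructed sample clients, not taken from the thread.
    for src, user in [("192.168.0.10", None), ("192.168.1.20", None),
                      ("192.168.1.20", "EXAMPLE\\user1"), ("10.0.0.5", None)]:
        print(f"{src:15} user={user!s:15} -> {http_access(src, user)}")
```

Because `ntlmauth` comes first on the deny line, the proxy_auth ACL is never tested for 192.168.0.0/24 clients, so they are not challenged; moving `allow mynet` above the deny line would let 192.168.1.0/24 clients through without a login.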
