On 5/10/2012 6:28 a.m., E.S. Rosenberg wrote:
> 2012/10/4 muno <muno_at_uninet.com.br>:
>> Thanks Amos, but it doesn't work yet.
>>
>>> You need an authentiction test around about here somewhere
>>> (with any ACL tests for non-auth'd visitors above it).
>>>
>>> acl authenticated proxy_auth REQUIRED
>>>
>>> http_access deny !authenticated
>>
>>
>> Now I get a "Cache Access Denied" message.
> That means you're probably not authenticating.
> Have you looked at cache.log?
> Access.log?
> Are you getting HTTP/417 Proxy auth requiered?
er, "401 Authenticateion Required" response.
> Is your client responding properly (you can use wireshark to figure that out)?
> Is winbind working properly (does wbinfo -g or -u show all the AD
> groups/users)?
> Did you configure windbind/samba right? What happens when you try to
> use ntlm_auth from CLI?
> Do you succeed in authenticating (ntlm_auth --username=x --domain=y
> --diagnostics)?
>
> And don't revert to basic over the internet, though NTLM is leaky as
> anything these days it's still less leaky then cleartext passwords on
> the wire (although as far as I understand it it's close to cleartext
> these days).
>
> Hope that helps,
> Eli
Amos
Received on Fri Oct 05 2012 - 01:36:37 MDT
This archive was generated by hypermail 2.2.0 : Fri Oct 05 2012 - 12:00:03 MDT