On Monday 04 August 2003 08.19, Vladimir Yakovlev wrote:
> I have a windows based net and 99% of users
> authenticate using ntlm auth method of squid (squid 2.5STABLE3,
> samba 2.2.8a), but 1% are not domain members and can't
> authenticate. Previously I used ip addresses for acls and
> everything worked fine, but with ntlm auth I found out that
> even acls like acl user src ip.add.res.s/32 and http_access allow
> user don't work: user receives a window asking him to provide his
> credits.

It does work fine. The key to this is to order and filter the http_access rules correctly.

Squid does not make any difference between the different authentication schemes; it always asks for authentication when reaching the first authentication related acl in http_access, not before, not after.

http_access rules are read top-down left-right, stopping at the first rule which fully matches the request. A http_access line is skipped as soon as any of the listed acl elements evaluate to false (the remaining acl elements of the same http_access line are not looked at).

Can be illustrated as

  http_access allow/deny acl1 AND acl2 AND acl3 ....
  OR
  http_access allow/deny acl4 AND acl5 AND acl6 ...
  OR
  ...

(AND/OR is not part of the squid.conf syntax, just illustrating the logic).

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/
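
The evaluation order described in the reply above, modelled as a small Python simulation. This is an added example, not part of the original message and not Squid's own code. The ACL names, addresses and the user name are constructed, and the model assumes that any supplied credentials are valid.

```python
import ipaddress

# Constructed ACL table (hypothetical names; addresses from the documentation range).
ACLS = {
    "guest_pc": ("src", "192.0.2.10/32"),
    "domain_users": ("proxy_auth", "REQUIRED"),
    "all": ("src", "0.0.0.0/0"),
}

class NeedAuth(Exception):
    """Raised when an authentication ACL is reached without credentials."""

def acl_matches(name, req):
    kind, value = ACLS[name]
    if kind == "src":
        return ipaddress.ip_address(req["src"]) in ipaddress.ip_network(value)
    if req["user"] is None:      # proxy_auth reached with no credentials
        raise NeedAuth(name)
    return True                  # assumption: supplied credentials are valid

def evaluate(rules, req):
    """Return 'allow', 'deny' or 'challenge' for one request."""
    for line in rules:                        # top-down
        _, action, *names = line.split()
        try:
            # all() stops at the first False, so later ACLs on the line are not evaluated
            if all(acl_matches(n, req) for n in names):
                return action                 # first fully matching line wins
        except NeedAuth:
            return "challenge"                # proxy asks the client for credentials
    return "deny"                             # model simplification for "no line matched"

AUTH_FIRST = ["http_access allow domain_users",
              "http_access allow guest_pc",
              "http_access deny all"]
SRC_FIRST = ["http_access allow guest_pc",
             "http_access allow domain_users",
             "http_access deny all"]
SRC_AND_AUTH = ["http_access allow guest_pc domain_users",
                "http_access deny all"]

GUEST = {"src": "192.0.2.10", "user": None}      # non-domain machine
MEMBER = {"src": "192.0.2.77", "user": "alice"}  # authenticated domain user
ANON = {"src": "192.0.2.77", "user": None}       # other host, no credentials yet

if __name__ == "__main__":
    for label, rules in (("auth first", AUTH_FIRST), ("src first", SRC_FIRST)):
        print(label, [evaluate(rules, r) for r in (GUEST, MEMBER, ANON)])
```

With the source-address rule listed first, the non-domain machine is allowed before any authentication ACL is reached. SRC_AND_AUTH shows the left-right rule: a host that fails guest_pc never reaches domain_users on that line, so it is not challenged there.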
