Hi List,

I have recently set up a Squid as a reverse proxy, allowing internet clients to check their Lotus Notes accounts, using iNotes. Everything I wanted them to authenticate off the domain, to actually use the proxy, before seeing the iNotes logon page.

This is currently working well for every browser bar IE. Other browsers, such as Opera or Mozilla, seem to be presented with what looks like a basic authentication logon. I can also see the Realm that I set in auth_param in squid.conf. Whenever I enter a valid set of NT credentials, it authenticates me and shows me the iNotes logon page. I can also see the authenticated user in access.log.

IE is different: it presents me with the NTLM three fields, including Domain. Whenever I use a set of valid credentials for the domain, it gives me a Cache Access Denied. I have played with various options in 'Security' in IE, but with no luck.

Is there a way I can force IE to use the basic authentication that the other clients can use so easily? iNotes *really* needs MS IE 6, so this is important.

I am aware of the order of auth_param tags, and feel they are in the same order. Squid was also built with --enable-auth="

My squid.conf below:

- - SNIP - -
http_port 80

auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/local/squid/libexec/wb_auth
auth_param basic children 5
auth_param basic realm Lotus iNotes Secure Proxy
auth_param basic credentialsttl 2 hours

## define our ACL's. Safe ports, cache manager and authenticated users
acl all src 0.0.0.0/0.0.0.0
[...]
acl password proxy_auth REQUIRED
#acl our_networks src 192.168.1.0/24

# map acl with access.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow all password
#http_access allow our_networks
[...]

httpd_accel_port 80
httpd_accel_host 192.168.1.3 # Notes IP
httpd_accel_single_host on # Only one backend.
httpd_accel_uses_host_header on
- - SNIP - -

Any info or thoughts greatly appreciated.

Cheers,
Andrew

--
andrew (at) mongers (dot) org
