I think IM clients and squid + NTLM are going to be the death of me.
I'm trying to make my squid work with NTLM + Samba, and everything seems to be working great from my browser, but when I try to sign into my MSN client I am met with stunning failure after stunning failure. Searching the mail archive shows that I should allow the site gateway.messenger.hotmail.com out directly before my required auth statements, but this still does not seem to be working. I am still logging TCP_DENIED (see below).
xx.yy.zz.190 - - [09/Sep/2004:16:24:36 -0500] "POST http://gateway.messenger.hotmail.com/gateway/gateway.dll? HTTP/1.1" 407 1844 TCP_DENIED:NONE
Here are the relevant portions of my squid.conf
acl MYUSERS proxy_auth REQUIRED
acl MYBADUSERS proxy_auth_regex -i cafriese
acl msn dst 207.46.104.20 207.46.110.0/24
...(I have a series of subnet based ACLs for my internal networks I allow)
acl subnet-10-0-0 src 10.0.0.0/255.0.0.0
(etc...)
http_access deny MYBADUSERS
http_access allow all msn
http_access allow all MYUSERS
http_access allow subnet-10-0-0
(etc...)
http_access deny all
Any thoughts on this matter would be of great help. Thanks!
If this is not enough of my config, I'll gladly share more :)
Squid does the http_access lines top down.
http_access deny MYBADUSERS
needs to know the username to determine if they are good or bad, so it requests the username from the browser at that point.
Put the allow lines that don't need username auth before _ANY_ http_access lines that rely on username for allow OR deny and you'll be set.
Billy
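The ordering effect described in the reply above, as an added example that is not part of the original thread and is not Squid's own code: a simplified Python model of top-down http_access evaluation, run against the posted rules and a reordered copy. The request values, the function names and the "407" return value are assumptions made for the illustration.

```python
import ipaddress
import re

# ACL definitions from the thread, in a simplified form (model only).
ACLS = {
    "all": ("src", ["0.0.0.0/0"]),
    "msn": ("dst", ["207.46.104.20/32", "207.46.110.0/24"]),
    "subnet-10-0-0": ("src", ["10.0.0.0/8"]),
    "MYUSERS": ("proxy_auth", None),              # REQUIRED: any valid user
    "MYBADUSERS": ("proxy_auth_regex", "cafriese"),
}

# http_access lines in the order posted, then with the msn line moved first.
ORIGINAL = [
    ("deny", ["MYBADUSERS"]),
    ("allow", ["all", "msn"]),
    ("allow", ["all", "MYUSERS"]),
    ("allow", ["subnet-10-0-0"]),
    ("deny", ["all"]),
]
REORDERED = [ORIGINAL[1], ORIGINAL[0]] + ORIGINAL[2:]

# Constructed sample request: an IM client that sends no proxy credentials.
MSN_REQ = {"src": "10.1.2.3", "dst": "207.46.110.5", "user": None}

def acl_matches(name, req):
    kind, arg = ACLS[name]
    if kind in ("src", "dst"):
        ip = ipaddress.ip_address(req[kind])
        return any(ip in ipaddress.ip_network(net) for net in arg)
    if req.get("user") is None:
        raise LookupError(name)   # a username is needed but none was sent
    if kind == "proxy_auth":
        return True
    return re.search(arg, req["user"], re.IGNORECASE) is not None

def evaluate(rules, req):
    """First matching line wins; ACLs on one line are ANDed left to right."""
    for action, names in rules:
        try:
            if all(acl_matches(n, req) for n in names):
                return action
        except LookupError:
            return "407"          # proxy answers with an auth challenge
    return "deny"                 # simplification; the last rule matches all

if __name__ == "__main__":
    print("original :", evaluate(ORIGINAL, MSN_REQ))
    print("reordered:", evaluate(REORDERED, MSN_REQ))
```

Any allow line placed ahead of the username-based lines is reachable without authentication, and in the reordered list a MYBADUSERS user can also reach the msn addresses, so the destination ACL should stay as narrow as possible.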
