Hi all!

I finally (sort of) managed to get Squid working with NTLM authentication. I now 
have it working as I want it, but there's a configuration that I had to change, 
and the why keeps bugging me.

Everything was working fine until reaching https sites.

If I had enabled both types of authentication, ntlm and basic (for those under 
Linux or not using an NTLM-enabled browser):
--------
# NTLM authentication - Winbind - AD
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 300
auth_param ntlm keep_alive off

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 100
auth_param basic realm Por favor autentique-se!
auth_param basic credentialsttl 2 hours

acl ntlmAuth proxy_auth REQUIRED

--------------------

This configuration worked fine, but those with NTLM (Windows + IE / Firefox) 
were asked for authentication (that shouldn't happen). Those on Linux worked 
just fine (with an authentication dialog) and every site appeared as it should.


If I remove the basic authentication, those with Windows (IE and Firefox) are 
NOT asked for authentication and those using Linux are asked for authentication 
(everything fine here). Here is the problem:

Those using Linux can't access (most) https sites. It just gives:

 TCP_DENIED/407 3833 CONNECT twitter.com:443 - NONE/- text/html

And nothing happens...

So I decided to do an experiment.

In squid.conf, I changed:

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

to

http_access allow CONNECT SSL_ports

And suddenly all those https sites began working...

Well, my question is:

Is this correct? What would be happening with the other configuration? Is it 
safe?

Hope someone can shed some light on this matter.

Thank you all




--

        Use Open Source Software
Human knowledge belongs to the world
        Bruno Santos
[email protected]
http://www.twitter.com/feiticeir0
Tel: +351 962 753 053
        Divisão de Informática
[email protected]
Tel: +351 272 000 155
Fax: +351 272 000 257
        Unidade Local de Saúde de Castelo Branco, E.P.E.
[email protected]
Tel: +351 272 000 272
Fax: +351 272 000 257

Linux registered user #349448

LPIC-1 Certification
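
Added example, not part of the original post: a simplified Python model of Squid's first-match http_access evaluation, showing how the two CONNECT lines in the message treat an unauthenticated CONNECT to port 443. The `allow ntlmAuth` and `deny all` lines, the port set and the user name are assumptions, since the post does not show the rest of its http_access rules.

```python
# Simplified model of Squid's http_access evaluation: rules are checked top to
# bottom, the first rule whose ACLs all match decides, and ACLs on one line are
# ANDed left to right. Only the CONNECT lines come from the post; the
# "allow ntlmAuth" / "deny all" lines and SSL_PORTS = {443} are assumptions.
SSL_PORTS = {443}

class NeedAuth(Exception):
    """Raised when a proxy_auth ACL is reached and no credentials were sent."""

def acl_matches(name, req):
    if name == "CONNECT":
        return req["method"] == "CONNECT"
    if name == "SSL_ports":
        return req["port"] in SSL_PORTS
    if name == "all":
        return True
    if name == "ntlmAuth":            # acl ntlmAuth proxy_auth REQUIRED
        if req["user"] is None:
            raise NeedAuth()          # Squid answers 407 and asks for credentials
        return True
    raise ValueError(f"unknown acl {name}")

def evaluate(rules, req):
    """Return 'ALLOW', 'DENY' or '407' for a request under the given rules."""
    for line in rules:
        action, *acls = line.split()
        try:
            # A leading "!" negates the ACL; all() stops at the first mismatch.
            if all(acl_matches(a.lstrip("!"), req) != a.startswith("!") for a in acls):
                return action.upper()
        except NeedAuth:
            return "407"
    return "DENY"

ORIGINAL = ["deny CONNECT !SSL_ports", "allow ntlmAuth", "deny all"]
CHANGED = ["allow CONNECT SSL_ports", "allow ntlmAuth", "deny all"]

def req(method, port, user=None):
    """Build a constructed sample request (user=None means no credentials)."""
    return {"method": method, "port": port, "user": user}

if __name__ == "__main__":
    cases = [req("CONNECT", 443), req("GET", 80), req("CONNECT", 8443, "alice")]
    for r in cases:
        print(r, "original:", evaluate(ORIGINAL, r), "changed:", evaluate(CHANGED, r))
```

In this model the changed rule lets CONNECT to port 443 through before any proxy_auth ACL is evaluated, and, with the deny line gone, an authenticated CONNECT to a port outside SSL_ports is no longer rejected.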
