How would I go about only forcing certain hosts to use NTLM auth, but allowing everyone else to use the proxy un-authenticated?
I have a ACL that contain's src's of IP's that I need to force to use NTLM: acl requirentlm proxy_auth REQUIRED acl requirentlmhosts src 1.1.1.1/255.255.255.255 http_acccess allow requirentlmhosts requirentlm This takes care of forcing "requirentlmhosts" to auth, but if I have another http_access rule that allows everyone else, what keeps "requirentlmhosts" from getting out without auth? Thanks, Josh -----Original Message----- From: Baird, Josh Sent: Thursday, July 19, 2012 9:39 PM To: Eliezer Croitoru; squid-users@squid-cache.org Subject: RE: [squid-users] Non-browser applications using NTLM+Squid? Not sure why I didn't think of that. Thanks! Josh ________________________________________ From: Eliezer Croitoru [elie...@ngtech.co.il] Sent: Thursday, July 19, 2012 6:12 PM To: squid-users@squid-cache.org Subject: Re: [squid-users] Non-browser applications using NTLM+Squid? On 7/19/2012 11:29 PM, Baird, Josh wrote: > Hi, > > I'm wondering what others are doing about non-browser applications > (Anti-virus software that fetches updates, instant messengers over HTTP, etc) > that sit behind a Squid proxy that requires NTLM authentication? These > applications, in my experience, use Windows' proxy settings to proxy their > outbound traffic, but can't speak NTLM, so the application is prevented from > proxying any traffic. > > Would a Kerberos integrated Squid be a possible solution to this problem? > > Thanks, > > Josh > very simple.. just allow them all before the authentication acls such as in: acl updates dstdomain .windowsupdates.microsoft.com .antivirusupdates.org acl updates1 dst 192.168.0.1/32 http_access allow localnet updates http_access allow localnet updates1 http_access allow localnet ntlm_auth_helper http_access deny all Regards, Eliezer -- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations eliezer <at> ngtech.co.il