Re: [squid-users] authentication issues using winbind and ntlm

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 2 Dec 2003 20:45:38 +0100 (CET)

On Tue, 2 Dec 2003, Jim Crippen wrote:

> I don't know if this has already been answered but I was unable to find
> anything about it. I've setup squid-2.5.STABLE4 with Samba 3.0.0 using
> winbind for authentication. Everything works fine, except, every page
> accessed first enters 2 TCP_DENIED entries in the access log.

This is due to how NTLM authentication works.

On each new client connection there is first two denied requests while
NTLM tries to negotiate the authentication.

We could add filters to squid not logging these, but then we risk both
logging interesting details in case of problems and to allow hackers to
probe the proxy without getting noticed.

> I wanted to know if there is a way around this as when I add back in
> the following acl "acl test url_regex "/etc/blacklist" " and deny access
> to it, I can not get the username recorded in the access log.

You can if you blacklist after requiring authentication..

The two questions are not related.

Regards
Henrik
Received on Tue Dec 02 2003 - 12:45:48 MST

This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:04 MST