Hi all!
I finally (sort of) managed to get squid working with NTLM authentication. I now have it working as I want it, but there's a configuration that I had to change, and the why keeps bugging me.
Everything was working fine until reaching https sites.
If I had both types of authentication enabled: NTLM and basic (for those under Linux or not using an NTLM-enabled browser):
--------
# NTLM authentication - Winbind - AD
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 300
auth_param ntlm keep_alive off
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 100
auth_param basic realm Por favor autentique-se!
auth_param basic credentialsttl 2 hours
acl ntlmAuth proxy_auth REQUIRED
--------------------
This configuration worked fine, but those with NTLM (Windows + IE / Firefox) were asked for authentication (that shouldn't happen). Those on Linux worked just fine (with an authentication dialog) and every site appeared as it should.
If I remove the basic authentication, those with Windows (IE and Firefox) are NOT asked for authentication and those using Linux are asked for authentication (everything fine here). Here is the problem:
Those using Linux can't access (most) https sites. It just gives:
TCP_DENIED/407 3833 CONNECT twitter.com:443 - NONE/- text/html
And nothing happens...
So I decided to do an experiment.
In squid.conf, I changed:
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
to
http_access allow CONNECT SSL_ports
And suddenly all those https sites began working...
Well, my question is:
Is this correct? What would be happening with the other configuration? Is it safe?
Hope someone can shed some light on this matter.
Thank you all
--
Use Open Source Software
Human knowledge belongs to the world
Bruno Santos
bvsantos_at_ulscb.min-saude.pt
http://www.twitter.com/feiticeir0
Tel: +351 962 753 053
Divisão de Informática
informatica_at_ulscb.min-saude.pt
Tel: +351 272 000 155
Fax: +351 272 000 257
Unidade Local de Saúde de Castelo Branco, E.P.E.
geral_at_ulscb.min-saude.pt
Tel: +351 272 000 272
Fax: +351 272 000 257
Linux registered user #349448
LPIC-1 Certification

Received on Tue Jul 10 2012 - 10:00:04 MDT
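Added illustration, not part of the original post and not Squid's own code: a small Python model of Squid's top-to-bottom, first-match http_access evaluation, comparing the two lines quoted in the message. The rules around them (http_access allow ntlmAuth, http_access deny all) and an SSL_ports ACL holding only port 443 are assumptions, since the post does not show the rest of squid.conf.

```python
# Toy model of http_access: rules are checked in order and the first rule
# whose ACLs all match decides the request.
SSL_PORTS = {443}  # assumption: "acl SSL_ports port 443"

def acl_matches(name, req):
    """Return True/False, or "407" when proxy_auth has no credentials."""
    negate, name = name.startswith("!"), name.lstrip("!")
    if name == "CONNECT":
        hit = req["method"] == "CONNECT"
    elif name == "SSL_ports":
        hit = req["port"] in SSL_PORTS
    elif name == "ntlmAuth":          # acl ntlmAuth proxy_auth REQUIRED
        if req["user"] is None:
            return "407"              # no credentials yet: challenge
        hit = True
    elif name == "all":
        hit = True
    else:
        raise ValueError(f"unknown ACL {name}")
    return hit != negate

def http_access(rules, req):
    for action, acls in rules:
        for acl in acls:
            result = acl_matches(acl, req)
            if result == "407":
                return "TCP_DENIED/407"
            if not result:
                break                 # rule does not apply, try the next
        else:
            return "ALLOWED" if action == "allow" else "TCP_DENIED/403"
    return "TCP_DENIED/403"

# Original line from the post, followed by the assumed auth rules.
STOCK = [("deny", ["CONNECT", "!SSL_ports"]),
         ("allow", ["ntlmAuth"]),
         ("deny", ["all"])]
# Line from the post after the experiment, same assumed rules after it.
CHANGED = [("allow", ["CONNECT", "SSL_ports"]),
           ("allow", ["ntlmAuth"]),
           ("deny", ["all"])]

if __name__ == "__main__":
    # Constructed sample requests.
    for req in ({"method": "CONNECT", "port": 443, "user": None},
                {"method": "CONNECT", "port": 25, "user": "alice"},
                {"method": "GET", "port": 80, "user": None}):
        print(req, http_access(STOCK, req), http_access(CHANGED, req))
```

In this model the changed rule admits a CONNECT to port 443 before ntlmAuth is ever evaluated, so the tunnel is opened without credentials, and with the deny line gone an authenticated CONNECT to a non-SSL port is no longer refused.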
This archive was generated by hypermail 2.2.0 : Tue Jul 10 2012 - 12:00:02 MDT