[squid-users] Authentication pop-ups. Questions

VerĂ³nica Ovando vero.ovando at live.com
Wed Dec 9 14:25:33 UTC 2015

Hi. I have Squid 3.5 running over Debian 8.

I am using AD authentication. This is part of my squid.conf:

#auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=DOMAIN.com
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm keep_alive off

auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Servidor proxy-cache de mi Dominio
auth_param basic credentialsttl 2 hours

external_acl_type AD_Grupos ttl=10 children=10 %LOGIN
/usr/lib/squid3/ext_wbinfo_group_acl -d

acl AD_Standard external Grupos_AD Standard
acl AD_Exceptuados external Grupos_AD Exceptuados
acl AD_Bloqueados external Grupos_AD Bloqueados

acl face url_regex -i "/etc/squid3/facebook"
acl gob url_regex -i "/etc/squid3/gubernamentales"

http_access allow AD_Standard
http_access allow AD_Exceptuados face
http_access allow AD_Exceptuados gob
http_access deny AD_Bloqueados
http_access deny all

When  a users that belongs to AD_Bloqueados is asked for the AD user and 
password (of course he/she needs one that belongs to AD_Standard or 
AD_Exceptuados). When I try to use one of those users I cannot 
authenticate correctly. the popup appears many times until I cancel it. 
But sometimes it works. I use all the browsers to do the tests (IE, 
Mozilla and the latest Chrome). With Chrome I get good results, but as I 
said, it works sometimes.

Because sometimes I login with users not in the domain and I need to 
access to internet, I cannot use the 'all' directive in the end of the 
line of 'http_access deny AD_Bloqueados.'

I will appreciate a lot any help you can give me.

Sorry for my English. Thanks.

More information about the squid-users mailing list