+ Post New Thread
Results 1 to 5 of 5
Internet Related/Filtering/Firewall Thread, Squid Configuration - Bypass Auth? in Technical; Here is the deal... I setup a Squid/Dansguardian box running Ubuntu 9.10 a couple weeks ago for Internet access logging. ...
  1. #1
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    795
    Thank Post
    81
    Thanked 130 Times in 113 Posts
    Blog Entries
    8
    Rep Power
    31

    Squid Configuration - Bypass Auth?

    Here is the deal... I setup a Squid/Dansguardian box running Ubuntu 9.10 a couple weeks ago for Internet access logging. It works great, authenticates against a 2003 Windows Server domain, and logs traffic with AD user names. The issue is third party apps on the client machines that don't support NTLM, or basic authentication against a proxy. Since they don't pass credentials to the proxy, they can't get out. One of these apps is Google Earth, well, not all of it. When a user clicks on a landmark to view pictures, nothing comes up. If I change IE to another proxy that doesn't require authentication, it works beautifully.

    I guess what I'm asking is, how do configure squid to bypass authentication for a particular domain?

    Thanks guys...

  2. #2

    Join Date
    Mar 2007
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hello there
    did you get a solution for this
    we have the same with smartboard software

  3. #3
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    795
    Thank Post
    81
    Thanked 130 Times in 113 Posts
    Blog Entries
    8
    Rep Power
    31
    Quote Originally Posted by voodoochile View Post
    Hello there
    did you get a solution for this
    we have the same with smartboard software
    Yeah, sure did, just had to ask Google, go figure.

    Create an ACL line in your Squid configuration file that looks like this...

    acl bypassNTLM dstdomain "/etc/squid/bypassauth-sites.squid"
    Then place an access rule right before the one that requires NTLM authentication that reads like this...

    http_access allow all bypassNTLM
    Now add whatever sites to "/etc/squid/bypassauth-sites.squid" you want that can bypass domain authentication.

    Test it by logging onto a domain computer locally (or a computer not on the domain), set your proxy up in Internet Explorer, and try browsing the web. You should get asked for credentials with the exception of the ones specified in bypassauth-sites.squid.

  4. #4
    ranj's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    730
    Thank Post
    98
    Thanked 42 Times in 32 Posts
    Rep Power
    25
    Hi

    Say if you want to bypass authetication when browising the internet via certain IP address? would this be possible?

    Basically we have users who access a browser via citrix, we want these citrix servers to not ask users to authenticate.

    thanks

  5. #5
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    795
    Thank Post
    81
    Thanked 130 Times in 113 Posts
    Blog Entries
    8
    Rep Power
    31
    Yeah, you can drop an IP in a separate line and it'll work just like a domain name.

SHARE:
+ Post New Thread

Similar Threads

  1. Need a Dansguardian / Squid configuration expert
    By Number6 in forum Internet Related/Filtering/Firewall
    Replies: 70
    Last Post: 10th August 2010, 12:31 PM
  2. SQUID issue, anyone good with squid?
    By bart21 in forum Internet Related/Filtering/Firewall
    Replies: 4
    Last Post: 23rd April 2010, 09:12 AM
  3. Auth to AD
    By ful56_uk in forum Web Development
    Replies: 2
    Last Post: 8th January 2010, 08:24 PM
  4. Squid configuration problem
    By Cragzman in forum *nix
    Replies: 3
    Last Post: 22nd October 2008, 02:59 PM
  5. NTLM auth squid
    By Jackd in forum *nix
    Replies: 10
    Last Post: 21st April 2008, 09:33 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •