use
http_access allow domainusers !otheracl !otheracl
!domainusers where domainusers is proxy_auth REQUIRED will never match
because REQUIRED always matches, and !1=0.
Rob
> -----Original Message-----
> From: Simon Bryan [mailto:sbryan@olmc.nsw.edu.au]
> Sent: Monday, 22 January 2001 12:17 PM
> To: squid-users@ircache.net
> Subject: [SQU] SMB Authentication
>
>
> HI,
> I have set up SMB Authentication on a test box and it works
> fine except for
> one niggle.
>
> I have the following:
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl CONNECT method CONNECT
> acl domainusers proxy_auth REQUIRED
>
>
> #Default configuration:
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
> http_access allow domainusers
> #http_access deny !domainusers
>
> http_access deny all
>
> Which works fine, but in my real box I really need to use the
> commented out
> line http_access deny !domainusers as I have a number of
> other acls that
> need to be processed as well. My understanding says that once
> the 'allow
> domainusers' is matched then the other (blocking ones) won't
> be procesed. I
> can probably reorganise them in some way ie move the deny
> ones up but then
> the usernames would not be logged in the request (would
> they?). I would
> like to simply replace the authentication method.
>
> Is there any reason that using deny !domainusers does not
> work with smb
> authentication? It just repeatedly brings up the login box and then
> eventually gives a no access message.
>
> Any help appreciated,
>
>
>
>
>
> Simon Bryan
> ____________________________________
> IT Manager
> OLMC Parramatta
> http://www.olmc.nsw.edu.au
> ____________________________________
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>
>
-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Sun Jan 21 2001 - 18:41:53 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:30 MST