Re: [squid-users] Help on Squid with ntlm auth ..

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 6 Jun 2005 00:26:37 +0200 (CEST)

On Wed, 1 Jun 2005, Phibee Network operation Center wrote:

> 1- I don't know why, but all web sites with a refresh get an access
> denied .. my user goes to the web site with no problems, waits 5 min, the web
> site refreshes, and when it refreshes I have an access denied

Don't know.

> 2- I don't know why, with IE I can't go to www.ratp.fr when I use the
> Squid proxy. I get a download box and not the web site .. I don't
> know what the process is to debug this ... without Squid the web site
> works !!!!!

access.log with log_mime_hdrs on is a good start..

> 3- What is the access right to accept this:
> 1117612694.193 0 10.206.1.251 TCP_DENIED/407 1790 GET cache_object://10.206.1.251/counters - NONE/- text/html
> 1117612694.197 0 10.206.1.251 TCP_DENIED/407 1778 GET cache_object://10.206.1.251/5min - NONE/- text/html
> 1117612694.201 0 10.206.1.251 TCP_DENIED/407 1781 GET cache_object://10.206.1.251/60min - NONE/- text/html

Looks like you have someone trying to use the cachemgr interface but your
http_access rules require authentication.

cachemgr will send the entered username and password as basic
authentication to Squid, allowing you to require authentication for these
as well.

> 4- I have a lot of authentication problems: when I change the password
> in my Active Directory, 3/4 hours later Squid doesn't have
> the new password ... can I set a short cache lifetime?

In ntlm there is no cache of the user credentials provided you run with
challenge reuses disabled (the default). If you find that the old
credentials are still accepted then this is your domain controller still
accepting the old password.

In basic there is a cache for the duration of the credentialsttl. Squid
automatically refreshes the cache when seeing a login with a different
password. It may also be the case that winbind employs a cache here
however..

Regards
Henrik
Received on Sun Jun 05 2005 - 16:26:39 MDT
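
One way to arrange the settings touched on in points 2 to 4, as an added example that is not part of the original message. It assumes Squid 2.5-style squid.conf syntax; the ACL names `monitor_host` and `authed` and the TTL value are illustrative.

```conf
# Added example, not from the thread. Assumes Squid 2.5-style syntax.
# ACL names "monitor_host" and "authed" are hypothetical.

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# Source address seen in the TCP_DENIED/407 lines quoted in point 3
acl monitor_host src 10.206.1.251/255.255.255.255
acl authed proxy_auth REQUIRED

# http_access is evaluated top-down and the first matching rule wins,
# so the cache manager rules must come before the rule that demands a login.
http_access allow manager localhost
http_access allow manager monitor_host
# Nobody else may query cache_object:// URLs, authenticated or not
http_access deny manager

# All ordinary traffic still requires proxy authentication
http_access allow authed
http_access deny all

# Read-only statistics stay reachable from the hosts above;
# state-changing cache manager actions are switched off entirely.
cachemgr_passwd disable shutdown offline_toggle

# Point 4: NTLM keeps no credential cache when challenge reuse is off
auth_param ntlm max_challenge_reuses 0
# Basic auth caches a validated login for credentialsttl (illustrative value)
auth_param basic credentialsttl 15 minutes

# Point 2: record request and reply headers in access.log while debugging
log_mime_hdrs on
```

Turn `log_mime_hdrs` back off once the problem is diagnosed, since the logged headers include users' Cookie and Authorization values.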
