We are running Squid Cache: Version 2.5.STABLE1 configure options:
--enable-auth=ntlm,basic --enable-ntlm-auth-helpers=winbind
--enable-basic-auth-helpers=winbind --enable-delay-pools
When we activate delay pools users stop authenticating with the domain and a
error appear in the client browser saying couldnīt retrieve the page and the
domain\user never appear in the access.log.
EX:
1077921626.547 0 x.x.x.x TCP_DENIED/407 1642 GET
http://www.hotmail.com/ - NONE/- text/html
Without delay pools all work fine and we can see domain\user in the
access.log.
EX:
1077931310.377 232 x.x.x.x TCP_MISS/200 9406 GET
http://www.google.com.ar/intl/es_ALL/images/directory_hp.gif domain\user
FIRST_PARENT_MISS/127.0.0.1 image/gif
What are we doing wrong???
RGDS
Here are a extract of the squid.conf
auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth -d
auth_param ntlm children 50
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http
acl Safe_ports port 85
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-1074 # unregistered ports
acl Safe_ports port 1076-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl localnet proxy_auth REQUIRED
acl user_delay_2048 proxy_auth REQUIRED #I probe "acl user_delay_2048
proxy_auth -i domain\user"
acl user_delay_4096 proxy_auth REQUIRED #I probe "acl user_delay_2048
proxy_auth -i domain\user"
no_cache deny all
http_access allow localhost
http_access allow manager localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow user_delay_2048 #I probe removing this line
http_access allow user_delay_4096 #I probe removing this line
http_access deny all
# Comment out previous line, and uncomment next line to stop authentication
never_direct allow all
delay_pools 2
delay_class 1 2
delay_class 2 2
delay_access 1 allow user_delay_2048
delay_access 1 deny all
delay_access 2 allow user_delay_4096
delay_access 2 deny all
delay_parameters 1 8192/8192 4096/6144
delay_parameters 2 8192/8192 2048/3072
Received on Fri Feb 27 2004 - 19:18:55 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:03 MST