[squid-users] access denied with 2.5S11, but ok with 2.5S9 same config

From: <Arno.STREULI@dont-contact.us>
Date: Tue, 4 Oct 2005 09:36:59 +0200

Hello,
I just created a new proxy with Squid 2.5S11 on Solaris 8. I took the same
config (except for the name of the server) as the one that is running in
production on another server. But I get an access denied.
Here is the cache.log (I don't know why I got that in the log, I didn't ask
for any debug or anything).

2005/10/04 09:23:11| storeLateRelease: released 0 objects
[2005/10/04 09:23:42, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606)
  Got user=[B9J] domain=[D-BI1] workstation=[X-VCZMTNSARFNFZ] len1=24 len2=24
[2005/10/04 09:23:42, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
  NTLMSSP Sign/Seal - Initialising with flags:
[2005/10/04 09:23:42, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x00000216

Here is my config:
cache_effective_user squid
cache_effective_group nobody

http_port 8080
refresh_pattern . 0 20% 4320
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440

visible_hostname squid
cache_mem 300 MB

# Authentication scheme
## NTLM auth
auth_param ntlm program /opt/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 64
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm max_challenge_reuses 0

external_acl_type NT_global_group concurrency=40 %LOGIN /opt/squid/libexec/wbinfo_group.pl
external_acl_type NT_group concurrency=30 %LOGIN /opt/squid/libexec/wbinfo_group.pl

acl techuser external NT_global_group D-BI1\SurfeursWebCCH-T
acl webuserCA external NT_global_group D-BI1\SurfeursWebCCH D-BI1\SurfeursWebCCH-T
acl webuserAutre external NT_group D-B1\SurfeursWebBCH DH1\SurfeursWebHCH
# ACL config
acl SSL_ports port 443 563 22
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
acl QUERY urlpath_regex cgi-bin \?
acl manager proto cache_object
acl auth proxy_auth REQUIRED
acl ftp proto ftp
acl java_jvm browser Java/1.4

acl to_localhost dst 127.0.0.0/8
acl local dst 10.137.0.0/255.255.0.0
acl localhost src 127.0.0.1/255.255.255.255

acl CI dst 10.0.0.0/255.0.0.0
acl ci-dst dst 10.137.0.0/255.255.0.0
acl ci-src src 10.137.0.0/255.255.0.0

acl AntiVirus1 dstdomain .symantec.com
acl AntiVirus2 dstdomain .symantecliveupdate.com

# cache directory info
cache_dir diskd /cache1 25000 64 256
cache_replacement_policy LFUDA

maximum_object_size 20 MB

cache_swap_high 80
cache_swap_low 70
# cache log file path
cache_store_log none
cache_access_log /opt/squid/logs/access.log
cache_log /opt/squid/logs/cache.log
pid_filename /opt/squid/logs/squid.pid

http_reply_access allow all
icp_access allow all

redirect_children 20
coredump_dir /usr/local/squid/var

forwarded_for off
hierarchy_stoplist cgi-bin ?

## http access rules
http_access allow manager ci-src
http_access allow manager localhost
http_access deny manager

http_access allow java_jvm
http_access allow AntiVirus1
http_access allow AntiVirus2
http_access allow ci-src auth webuserCA
http_access allow !ci-src auth webuserAutre
http_access deny all

Any hint on why?
All the usual wbinfo tests and ntlm_auth are working fine.

thanks in advance

Received on Tue Oct 04 2005 - 01:37:13 MDT
