Saludos amigos, hoy les traigo otra duda. Acabo de configurar Squid 3.5.23 en Debian 9; es para dar servicio de internet a 250 usuarios. Resulta que cuando configuro el navegador (Firefox) en las PC, estos no pueden autenticarse, pues después de entrar las credenciales vuelve a pedirlas en un ciclo sin fin.
he visto la logica del fichero y me parece que esta bien. Pudieran ayudarme???? les envio el fichero de configuracion.

# NOTE(review): the post lost its line breaks; the layout below is reconstructed.
# A lone "#" in front of an acl/http_access directive is read as an empty
# separator line, not as a commented-out directive (otherwise several ACLs used
# further down would be undefined) - confirm against the real file and validate
# it with `squid -k parse`.
#
# +---------------------------------------------------------+
# |                         3.5.23                          |
# +---------------------------------------------------------+
# +------------------------------------------------------------------------------+
# |                                   DEFAULT                                    |
# +------------------------------------------------------------------------------+
# NOTE(review): Basic authentication sends the user name and password merely
# base64-encoded on every request, and http_port below is a plain (non-TLS)
# listener, so credentials cross the LAN in the clear. The password file
# /etc/squid/users should be readable only by the account Squid's helpers run as.
# NOTE(review): 5 helper children for 250 users may be undersized - watch
# cache.log for helper queue warnings (TODO confirm under real load).
auth_param basic children 5
auth_param basic realm CORDOVE - Internet proxy cache
auth_param basic credentialsttl 2 hours
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/users
# Recommended minimum configuration:
#
# +------------------------------------------------------------------------------+
# |                             ACCESS CONTROL LISTS                             |
# +------------------------------------------------------------------------------+
#-- main port ACLs
acl SSL_ports port 443 # https
acl Safe_ports port 80 # http
acl Safe_ports port 8080 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl interna src 10.24.10.0/24
# -- Direct access for the health network
# NOTE(review): the two "allow all ..." rules below are evaluated before any
# proxy_auth ACL and before the "deny CONNECT !SSL_ports" and "deny !Safe_ports"
# rules. As written, any client address that can reach the proxy port may
# request any .sld.cu / .cu destination, on any port and with CONNECT, without
# authenticating. "all" adds no restriction, and "allow all cuba" makes the
# following "allow interna cuba" redundant. If only the internal network is
# meant, restrict these rules to "interna" and place the port/CONNECT denies first.
acl salud dstdomain .sld.cu
http_access allow all salud
always_direct allow all salud
acl cuba dstdomain .cu
http_access allow all cuba
http_access allow interna cuba
# NOTE(review): no http_access rule shown here references "purge". Defining a
# PURGE method ACL is understood to enable PURGE handling in Squid, so either
# restrict it explicitly (allow from a management host, deny otherwise) or drop
# the ACL - verify against the Squid documentation for this version.
acl purge method PURGE
acl CONNECT method CONNECT
url_rewrite_program /usr/bin/squidGuard
#-- Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Servers
# NOTE(review): this grants access on the MAC address alone. A MAC address is
# chosen by the client and is not an authenticator; treat it as a convenience
# filter, not as a security boundary.
acl servidores arp 60:02:92:39:fe:4e # .1
http_access allow servidores
#-- Passwd
acl Pass proxy_auth REQUIRED
# -- MAC-based control lists
# NOTE(review): Squid can only learn a client's MAC/EUI address when the client
# is on the same subnet as the proxy (and when ARP/EUI support is compiled in).
# http_port below listens on 100.10.10.254 while "interna" is 10.24.10.0/24; if
# clients reach the proxy through a router, none of these arp ACLs will match.
# TODO confirm the proxy has an interface on the clients' segment.
#-- MACs of the PCs with internet access
acl mac_nodo arp a0:00:00:04:c0:05 # head of IT department, corona PCI
acl mac_nodo arp D0:17:C2:8A:44:86 # ICT technician, leo
acl mac_nodo arp D0:17:C2:96:38:99 # network administrator, tony
acl mac_nodo arp D0:17:C2:8A:44:D1 # IT security
#
# NOTE(review): defined as mac_Biblioteca / mac_Terapia but referenced further
# down as mac_biblioteca / mac_terapia. Squid appears to compare ACL names
# case-insensitively, but confirm with `squid -k parse`.
acl mac_Biblioteca arp C0:7C:D1:33:A0:10
acl mac_Biblioteca arp 60:02:92:3C:68:EC
acl mac_Biblioteca arp 60:02:92:3C:69:11
acl mac_Biblioteca arp 0C:54:A5:4B:41:B3
#
acl mac_direccion arp 70:54:D2:0A:05:ED
acl mac_direccion arp 14:CC:20:04:26:0A
#
acl mac_Terapia arp 00:71:C2:19:A4:D8
#
acl mac_contabilidad arp 70:54:D2:09:FA:42 # Tamara
acl mac_contabilidad arp 70:54:d2:0a:03:88 # Energetico
#
acl mac_rrhh arp 50:46:5D:03:AF:43
acl mac_rrhh arp 14:DD:A9:7B:89:9F # department head
acl mac_rrhh arp 70:54:D2:09:FB:22
#
acl mac_enfermeria arp 00:71:C2:19:A5:8C
acl mac_cirugia arp 00:71:C2:31:47:56
acl mac_facultativa arp 00:71:C2:19:A6:5A
acl mac_cardiologia arp 70:54:D2:0A:05:9D
acl mac_asistenciaMedica arp 00:21:97:2D:6F:3D
acl mac_miscelanea arp 70:54:D2:0A:06:CC
acl mac_ultrasonido arp 08:60:6E:53:CF:96
acl mac_laboratorioCl arp 70:54:D2:0A:04:6C
#
# NOTE(review): mac_docencia_2 and the three laptop ACLs below are not used by
# any http_access rule in this listing, so those machines never match an allow line.
acl mac_docencia arp 70:54:D2:0A:04:E4
acl mac_docencia_2 arp 7C:05:07:3A:C9:E7
#
acl mac_proteccionFisica arp 00:1D:72:EC:E8:F5
acl mac_proteccionFisica arp A0:2B:B8:27:4E:FA
#
acl mac_farmacia arp 00:71:C2:31:47:64
acl mac_auditoria arp 60:02:92:3c:68:fc
acl mac_estadistica arp 60:02:92:3c:68:fd
# -- MAC - laptops
acl mac_docencia_delmis arp 34:97:f6:75:c2:db
acl mac_fonck arp 8C:89:A5:09:AA:78
acl mac_laptop_constanten arp 34:97:f6:cb:c2:52
# -- User-based control lists
# -- Users with internet access (each file lists the user names of one group)
acl nodo proxy_auth "/etc/squid/config/usuarios/nodo"
acl asistenciaMedica proxy_auth "/etc/squid/config/usuarios/asistenciaMedica"
acl auditoria proxy_auth "/etc/squid/config/usuarios/auditoria"
acl biblioteca proxy_auth "/etc/squid/config/usuarios/biblioteca"
acl cardiologia proxy_auth "/etc/squid/config/usuarios/cardiologia"
acl cirugia proxy_auth "/etc/squid/config/usuarios/cirugia"
acl contabilidad proxy_auth "/etc/squid/config/usuarios/contabilidad"
acl direccion proxy_auth "/etc/squid/config/usuarios/direccion"
acl docencia proxy_auth "/etc/squid/config/usuarios/docencia"
acl enfermeria proxy_auth "/etc/squid/config/usuarios/enfermeria"
acl estadistica proxy_auth "/etc/squid/config/usuarios/estadistica"
acl facultativa proxy_auth "/etc/squid/config/usuarios/facultativa"
acl farmacia proxy_auth "/etc/squid/config/usuarios/farmacia"
acl laboratorioCl proxy_auth "/etc/squid/config/usuarios/laboratorioCl"
acl miscelanea proxy_auth "/etc/squid/config/usuarios/miscelanea"
acl proteccionFisica proxy_auth "/etc/squid/config/usuarios/proteccionFisica"
acl rrhh proxy_auth "/etc/squid/config/usuarios/rrhh"
acl terapia proxy_auth "/etc/squid/config/usuarios/terapia"
acl ultrasonido proxy_auth "/etc/squid/config/usuarios/ultrasonido"
# -- Content filtering rules --
# -- Time control --
# Peak hours: Saturday 08:00-10:00 and Monday-Friday 08:00-15:00
acl horas_pico time A 08:00-10:00
acl horas_pico time MTWHF 08:00-15:00
# --- High bandwidth consumption (defined, but not used by any rule shown)
acl altoconsumo dstdomain "/etc/squid/filtros/altoconsumo"
# --- Social networks
acl sociales url_regex -i "/etc/squid/filtros/sociales"
# Banned words (palabrasfulas)
acl palabrasfulas url_regex -i "/etc/squid/filtros/palabrasfulas"
# --- Porn / anonymous proxies
# --- filtered by squidGuard --
acl mal_domains dstdomain "/etc/squid/filtros/malware/domains"
acl mal_urls url_regex -i "/etc/squid/filtros/malware/urls"
#
# List of whitelisted ("innocent") sites - proxyenlaces
#acl proxyEnlaces_url url_regex -i "/etc/squid/rules/restringir/inocentes.rule"
#acl proxyEnlaces_sitios url_regex -i "/etc/squid/rules/restringir/inocentes.rule"
#acl proxyEnlaces_dominios dstdomain -i "/etc/squid/rules/restringir/inocentes.rule"
# -- Allow whitelisted sites - proxyenlaces
#http_access allow proxyEnlaces_url all
#http_access allow proxyEnlaces_sitios all
#http_access allow proxyEnlaces_dominios all
# -- Access-denied redirect address for sites
# NOTE(review): "scholar" is never used, and "google" appears in no http_access
# deny rule in this listing, so the deny_info redirect cannot trigger as shown.
acl scholar url_regex scholar.google.com.cu
acl google dstdomain .google.com.cu
deny_info http://scholar.google.com.cu google
http_access allow interna cuba
# ------ Deny rules for content filtering -----------------
#
http_access deny palabrasfulas
http_access deny mal_domains
http_access deny mal_urls
# Deny Facebook during peak hours
# NOTE(review): these two rules are evaluated one after the other, so a user
# passes only if listed in BOTH nodo and direccion; a user in just one list is
# denied by the other line. Because each line ends in a (negated) proxy_auth
# ACL, that denial is delivered as a fresh 407 credential prompt rather than an
# error page. If the intent is "only nodo and direccion may use social sites at
# peak hours", a single rule expresses it:
#   http_access deny sociales horas_pico !nodo !direccion all
http_access deny sociales horas_pico !nodo
http_access deny sociales horas_pico !direccion
#-- Used by SqStat
acl managers proto cache_object
acl webserver src 10.24.10.2
http_access allow managers webserver
http_access deny managers
# NOTE(review): this sets the cache manager password for all actions. If
# "secret" is the real value it is both guessable and now published - replace it
# with a strong value and redact it before sharing the file.
cachemgr_passwd secret all
# +------------------------------------------------------------------------------+
# |                             ACCESS CONTROL RULES                             |
# +------------------------------------------------------------------------------+
#-- Deny requests to certain unsafe ports
# NOTE(review): this check comes after several allow rules above (salud, cuba,
# servidores), so it does not apply to requests those rules already accepted.
http_access deny !Safe_ports
# NOTE(review): likely source of the endless credential prompt. Every
# "http_access deny GROUP" line below ends in a proxy_auth ACL. When a deny rule
# matches and its last ACL is an authentication ACL, Squid replies 407 (asking
# for credentials again) instead of 403. A user who is listed in a group but
# whose MAC did not match the allow line just above is therefore re-prompted
# forever, even with a correct password. Appending "all" to each deny line
# (e.g. "http_access deny nodo all") turns that into a normal access-denied
# page; the MAC mismatch itself still has to be resolved (see the arp note).
# To confirm, look for TCP_DENIED/407 entries in access.log and for helper
# errors in cache.log. The trailing "Pass" is redundant: the group ACL already
# requires valid credentials.
http_access allow mac_nodo nodo Pass
http_access deny nodo
http_access allow asistenciaMedica mac_asistenciaMedica Pass
http_access deny asistenciaMedica
http_access allow auditoria mac_auditoria Pass
http_access deny auditoria
http_access allow biblioteca mac_biblioteca Pass
http_access deny biblioteca
http_access allow cardiologia mac_cardiologia Pass
http_access deny cardiologia
http_access allow cirugia mac_cirugia Pass
http_access deny cirugia
http_access allow contabilidad mac_contabilidad Pass
http_access deny contabilidad
http_access allow direccion mac_direccion Pass
http_access deny direccion
http_access allow docencia mac_docencia Pass
http_access deny docencia
http_access allow estadistica mac_estadistica Pass
http_access deny estadistica
http_access allow enfermeria mac_enfermeria Pass
http_access deny enfermeria
http_access allow facultativa mac_facultativa Pass
http_access deny facultativa
http_access allow farmacia mac_farmacia Pass
http_access deny farmacia
http_access allow laboratorioCl mac_laboratorioCl Pass
http_access deny laboratorioCl
http_access allow miscelanea mac_miscelanea Pass
http_access deny miscelanea
http_access allow proteccionFisica mac_proteccionFisica Pass
http_access deny proteccionFisica
http_access allow rrhh mac_rrhh Pass
http_access deny rrhh
http_access allow terapia mac_terapia Pass
http_access deny terapia
http_access allow ultrasonido mac_ultrasonido Pass
http_access deny ultrasonido
# -----------------------------------------------------------
shutdown_lifetime 10 seconds
# -- Cache memory
cache_mem 512 MB
maximum_object_size 5 MB
dns_defnames on
logfile_rotate 10
#Default:
# Squid normally listens to port 3128
http_port 100.10.10.254:3128
icp_port 0
# +------------------------------------------------------+
# |                       DEFAULT                        |
# +------------------------------------------------------+
# Parent proxy of my network
# NOTE(review): cache_peer_domain names the peer "proxy.sld.cu", while the only
# cache_peer declared is 100.10.9.55 with no name= option - presumably the
# domain rule does not attach to that peer; verify.
cache_peer 100.10.9.55 parent 3128 0 default
cache_peer_domain proxy.sld.cu !.sld.cu
nonhierarchical_direct off
# --- Proxy logs --- (cache_log is declared twice with the same path)
cache_log /var/log/squid/cache.log
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
cache_dir aufs /var/spool/squid 5120 16 256
coredump_dir /var/spool/squid
cache_swap_low 90
cache_swap_high 95
cache_mgr d...@infomed.sld.cu
# -- Error pages in Spanish
icon_directory /usr/share/squid/icons
error_directory /usr/share/squid/errors/es
mime_table /usr/share/squid/mime.conf
# +------------------------------------------------------------------------------+
# |                                CACHE REFRESH                                 |
# +------------------------------------------------------------------------------+
# Each rule is: refresh_pattern [-i] regex min-minutes percent max-minutes.
# Rules are checked in order and the first matching regex wins.
#-- Images (\.jp?g$ matches .jpg but not .jpeg; .ppm and .rgb are listed twice)
refresh_pattern -i \.gif$ 14400 80% 43200
refresh_pattern -i \.tiff?$ 14400 80% 43200
refresh_pattern -i \.bmp$ 14400 80% 43200
refresh_pattern -i \.jp?g$ 14400 80% 43200
refresh_pattern -i \.xbm$ 14400 80% 43200
refresh_pattern -i \.png$ 14400 80% 43200
refresh_pattern -i \.wrl$ 14400 80% 43200
refresh_pattern -i \.ico$ 14400 80% 43200
refresh_pattern -i \.pnm$ 14400 80% 43200
refresh_pattern -i \.pbm$ 14400 80% 43200
refresh_pattern -i \.pgm$ 14400 80% 43200
refresh_pattern -i \.ppm$ 14400 80% 43200
refresh_pattern -i \.rgb$ 14400 80% 43200
refresh_pattern -i \.ppm$ 14400 80% 43200
refresh_pattern -i \.rgb$ 14400 80% 43200
refresh_pattern -i \.xpm$ 14400 80% 43200
refresh_pattern -i \.xwd$ 14400 80% 43200
refresh_pattern -i \.pict?$ 14400 80% 43200
#-- Movies
refresh_pattern -i \.mov$ 14400 80% 43200
refresh_pattern -i \.mp?g?$ 14400 80% 43200
refresh_pattern -i \.avi$ 14400 80% 43200
refresh_pattern -i \.qtm?$ 14400 80% 43200
refresh_pattern -i \.viv$ 14400 80% 43200
refresh_pattern -i \.swf$ 14400 80% 43200
refresh_pattern -i \.flv$ 14400 80% 43200
refresh_pattern -i \.mp4$ 14400 80% 43200
refresh_pattern -i \.mkv$ 14400 80% 43200
refresh_pattern -i \.wmv$ 14400 80% 43200
#-- Sounds
refresh_pattern -i \.wav$ 14400 80% 43200
refresh_pattern -i \.aiff?$ 14400 80% 43200
refresh_pattern -i \.au$ 14400 80% 43200
refresh_pattern -i \.ram?$ 14400 80% 43200
refresh_pattern -i \.snd$ 14400 80% 43200
refresh_pattern -i \.mid$ 14400 80% 43200
refresh_pattern -i \.mp2$ 14400 80% 43200
refresh_pattern -i \.mp3$ 14400 80% 43200
refresh_pattern -i \.ogg$ 14400 80% 43200
#-- Archives
refresh_pattern -i \.sit$ 14400 80% 43200
refresh_pattern -i \.zip$ 14400 80% 43200
refresh_pattern -i \.7zip$ 14400 80% 43200
refresh_pattern -i \.hqx$ 14400 80% 43200
refresh_pattern -i \.exe$ 14400 80% 43200
refresh_pattern -i \.arj$ 14400 80% 43200
refresh_pattern -i \.lzh$ 14400 80% 43200
refresh_pattern -i \.lha$ 14400 80% 43200
refresh_pattern -i \.cab$ 14400 80% 43200
refresh_pattern -i \.rar$ 14400 80% 43200
refresh_pattern -i \.tar$ 14400 80% 43200
refresh_pattern -i \.gz$ 14400 80% 43200
refresh_pattern -i \.z$ 14400 80% 43200
refresh_pattern -i \.a[0-9][0-9]$ 14400 80% 43200
refresh_pattern -i \.r[0-9][0-9]$ 14400 80% 43200
#-- Data files
refresh_pattern -i \.txt$ 14400 80% 43200
refresh_pattern -i \.pdf$ 14400 80% 43200
refresh_pattern -i \.doc$ 14400 80% 43200
refresh_pattern -i \.rtf$ 14400 80% 43200
refresh_pattern -i \.tex$ 14400 80% 43200
refresh_pattern -i \.latex$ 14400 80% 43200
#-- Java-type objects (.class is listed twice)
refresh_pattern -i \.class$ 14400 80% 43200
refresh_pattern -i \.js$ 14400 80% 43200
refresh_pattern -i \.class$ 14400 80% 43200
#-- Web-type objects
refresh_pattern -i \.css$ 10 20% 4320
refresh_pattern -i \.html?$ 10 20% 4320
refresh_pattern \/$ 10 20% 4320
#-- To avoid problems with .do scripts
refresh_pattern -i \.do$ 0 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
#-- Other
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600
refresh_pattern . 0 20% 4320
# ---------------------------------------------------------------------------
visible_hostname proxy.mired.sld.cu
dns_nameservers 100.10.10.1
# Final catch-all: anything no earlier http_access rule matched is denied.
http_access deny all