[squid-users] Squid Authentication Problem
I'm running Squid 3.0 Stable 21. I have two reverse proxy sites setup with LDAP authentication enabled. When I access either site, authentication works fine. My problem is when I'm authenticated to one site and access something on the other site, I get prompted to authenticate again. I can't figure out why. Any help is appreciated. Below is my squid.con settings. acl ldap-auth proxy_auth REQUIRED http_access allow ldap-auth http_port x.x.x.x:80 accel defaultsite=intranet.cadc.circdc.dcn cache_peer x.x.x.x parent 80 0 no-query originserver name=intranet1 round-robin cache_peer x.x.x.x parent 80 0 no-query originserver name=intranet2 round-robin acl sites_intranet dstdomain intranet.cadc.circdc.dcn http_access allow sites_intranet cache_peer_access intranet1 allow sites_intranet cache_peer_access intranet2 allow sites_intranet http_port x.x.x.x:80 accel defaultsite=www.cadc.circdc.dcn cache_peer x.x.x.x parent 80 0 no-query originserver name=iis acl sites_iis dstdomain www.cadc.circdc.dcn http_access allow sites_iis cache_peer_access iis allow sites_iis http_access deny all Mike Grasso Data Network Administrator DC Circuit Court of Appeals (202) 216-7443
[squid-users] Squid authentication problem
Hi All, I have squid running, but for users to access the web they must authenticate. Thing is since its a windows platform (XP professional and Vista, all running IE 7), Instant Messenger also requires the username and password in (Options - Connections) and some user is saying an application called "Vongo" also requires authentication. Is there a way to have users authenticate JUST to access the web and every other app to bypass the proxy. Thanks
[squid-users] Squid authentication problem!
Dear all, i want to setup an authenticator. from the squid.conf file i can see there there are three type of authentication, ntlm, digestor and the basic authenticator. so, how can i setup this authentication? please help! thanks! Cheers, yenonn
[squid-users] squid authentication problem
Hi, I have IP based authentication. Since I am on slow line I have allowed only 5 users to access the net. But when they are not in office other users use their IP and browse the net. So I am trying squid to authenticate with simple ncsa_auth against a htaccess file. But here I have a problem that whenever a user opens another window of IE she has to give password and username. Even if she saves it she has to press ENTER. Has anyone got a solution/workaround for this? Users find it very inconvienent to give username and passwword every time. Thanks a lot in advance. With warm regards, -Payal
[squid-users] Squid Authentication problem
Hello Everyone, I have a mayor problem (maybe not so big) , and I hope that someone can help me. I have 3 subnets (192.168.0.x;192.168.1.x;192.168.2.x) connecting to squid at ip adresses (192.168.0.250;192.168.1.250;192.168.2.250) which has 192.168.10.2 connecting to 192.168.10.1 (firewall). This info might not be important , but I wrote it down so you can visualise my network (to some degree). My squid.conf looks like this : http_port 3228 auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/password auth_param basic children 5 auth_param basic realm Username And Pasword Required For Internet Access auth_param basic credentialsttl 30 minutes cache_mem 64 MB maximum_object_size_in_memory 512 KB maximum_object_size 1 KB cache_dir ufs /proxy1/ 8000 16 256 cache_dir ufs /proxy2/ 8000 16 256 cache_mgr [EMAIL PROTECTED] cache_effective_user nobody cache_effective_group nobody acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/32 acl SSL_ports port 443 563 acl Safe_ports port 80 8080 21 443 563 70 210 1025-65535 acl Safe_ports port 280 acl Safe_ports port 488 acl Safe_ports port 591 acl Safe_ports port 777 acl CONNECT method CONNECT acl deny_ext urlpath_regex -i "/etc/squid/deny_ext" acl FTP proto FTP always_direct allow FTP acl authentic proxy_auth REQUIRED http_access allow authentic http_access deny deny_ext http_access deny all redirect_program /usr/bin/squidGuard redirect_children 4 everything was beatifull when I was testing with one machine it asked for a code every time I opened a new explorer, but today when it started working for the three subnets 65-70 computers , it is sometimes asking passwords and sometimes not (maybe that 30min credentialttl is the problem or maybe I should use pam_auth instead of ncsa_auth), someone please give me some info about this, or correct the error in my squid.conf file so that it will work as it was meant to work. (always asking for a user name... currently I have only one username for internet access [hope that is not the cause of my current problem] but I will be using many usernames, one for each user who needs internet) Sincerely Robert B
[squid-users] squid authentication problem
hello, always after i enable authentication i'm unable to browse on any webpage and i'm not even getting an errorpage from squid. so heres my buggy squid.conf http_port 8080 icp_port 0 htcp_port 0 hierarchy_stoplist cgi ? acl QUERY urlpath_regex cgi \? no_cache deny QUERY cache_dir diskd /var/spool/squid 100 16 256 ftp_user [EMAIL PROTECTED] authenticate_program /my/auth/program authenticate_children 5 proxy_auth_realm Meine Proxy-Anmeldung range_offset_limit 0 KB ident_timeout 1 seconds acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl FTP proto FTP always_direct allow FTP acl VERTRAUT src 192.168.0.0/255.255.0.0 acl VERTRAUT src 81.89.229.64/255.255.255.240 acl ANMELDUNG proxy_auth REQUIRED http_access allow ANMELDUNG cache_mgr [EMAIL PROTECTED] visible_hostname proxy.go-gate.de forwarded_for off cachemgr_passwd disable all i know the VERTRAUT acl isnt used currently.. my authentication program can also be replaced with the ncsa_auth tool, its the same problem. i tried it with squid 2.4 and 2.5 (and changed the authentication params so that it works with both versions.) i hope someone has a hint for me. thanks, Philipp
Re: [squid-users] Squid Authentication Problem
michael_gra...@cadc.uscourts.gov wrote: I'm running Squid 3.0 Stable 21. I have two reverse proxy sites setup with LDAP authentication enabled. How is the authentication prompted for (is it using HTTP auth, or a form)? When I access either site, authentication works fine. My problem is when I'm authenticated to one site and access something on the other site, I get prompted to authenticate again. I can't figure out why. If you are using basic HTTP authentication, it's because the browser has not been configured such that intranet.cadc.circdc.dcn is in any way related to www.cadc.circdc.dcn. If you are using form based authentication, you'll have to talk with the person who set that up. Any help is appreciated. Below is my squid.con settings. acl ldap-auth proxy_auth REQUIRED http_access allow ldap-auth http_port x.x.x.x:80 accel defaultsite=intranet.cadc.circdc.dcn cache_peer x.x.x.x parent 80 0 no-query originserver name=intranet1 round-robin cache_peer x.x.x.x parent 80 0 no-query originserver name=intranet2 round-robin acl sites_intranet dstdomain intranet.cadc.circdc.dcn http_access allow sites_intranet cache_peer_access intranet1 allow sites_intranet cache_peer_access intranet2 allow sites_intranet http_port x.x.x.x:80 accel defaultsite=www.cadc.circdc.dcn cache_peer x.x.x.x parent 80 0 no-query originserver name=iis acl sites_iis dstdomain www.cadc.circdc.dcn http_access allow sites_iis cache_peer_access iis allow sites_iis http_access deny all One workaround to the functionality of basic HTTP auth would be to put all of your data under one domain and let Squid pass the data to the peers based on URL http://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers#Other_Criteria_than_Domain Mike Grasso Data Network Administrator DC Circuit Court of Appeals (202) 216-7443 Chris
Re: [squid-users] Squid authentication problem!
Hiu Yen Onn wrote: > > Dear all, > > i want to setup an authenticator. from the squid.conf file i can see > there there are three type of authentication, ntlm, digestor and the basic > authenticator. > so, how can i setup this authentication? > please help! > thanks! http://www.squid-cache.org/Doc/FAQ/FAQ-23.html M. > > Cheers, > yenonn -- 'Time is a consequence of Matter thus General Relativity is a direct consequence of QM (M.E. Mar 2002)
Re: [squid-users] squid authentication problem
On Fri, 2004-07-02 at 08:54, Payal Rathod wrote: > So I am trying squid to authenticate with simple ncsa_auth against a > htaccess file. But here I have a problem that whenever a user opens > another window of IE she has to give password and username. Even if she > saves it she has to press ENTER. Has anyone got a solution/workaround > for this? Users find it very inconvienent to give username and passwword We educated our users to not open up a new instance of the browser (by not clicking on the IE icon on the desktop, but to open up a new window of the same instance (CTRL+n). That doesn't ask for the password again. sjm
Re: [squid-users] squid authentication problem
As described by Abue, you can do that on client end( tabbed browser), secondly you can use MAC base ACL in squid, thirdly if you are using a domain model, you can implement NTLM with smb, for this you have to compile your sambad, as per squid FAQ, and than use it with ntlm auth. This will let the authentication transparrent to the domain user.(if you are using a Domain Model). Also you can use time base ACl. --- Payal Rathod <[EMAIL PROTECTED]> wrote: > Hi, > I have IP based authentication. Since I am on slow > line I have > allowed only 5 users to access the net. But when > they are not in office > other users use their IP and browse the net. > So I am trying squid to authenticate with simple > ncsa_auth against a > htaccess file. But here I have a problem that > whenever a user opens > another window of IE she has to give password and > username. Even if she > saves it she has to press ENTER. Has anyone got a > solution/workaround > for this? Users find it very inconvienent to give > username and passwword > every time. > > Thanks a lot in advance. > > With warm regards, > -Payal > > = Regards, Mohsin Khan CCNA ( Cisco Certified Network Associate 2.0 ) http://forum.aaghaz.net (Your attention is needed) >>>Happy is the one who can smile<<< __ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail
