michael_gra...@cadc.uscourts.gov wrote:
I'm running Squid 3.0 Stable 21. I have two reverse proxy sites setup with
LDAP authentication enabled.
How is the authentication prompted for (is it using HTTP auth, or a form)?
When I access either site, authentication
works fine. My problem is when I'm authenticated to one site and access
something on the other site, I get prompted to authenticate again. I can't
figure out why.
If you are using basic HTTP authentication, it's because the browser has
not been configured such that intranet.cadc.circdc.dcn is in any way
related to www.cadc.circdc.dcn. If you are using form based
authentication, you'll have to talk with the person who set that up.
Any help is appreciated. Below is my squid.con settings.
acl ldap-auth proxy_auth REQUIRED
http_access allow ldap-auth
http_port x.x.x.x:80 accel defaultsite=intranet.cadc.circdc.dcn
cache_peer x.x.x.x parent 80 0 no-query originserver name=intranet1
round-robin
cache_peer x.x.x.x parent 80 0 no-query originserver name=intranet2
round-robin
acl sites_intranet dstdomain intranet.cadc.circdc.dcn
http_access allow sites_intranet
cache_peer_access intranet1 allow sites_intranet
cache_peer_access intranet2 allow sites_intranet
http_port x.x.x.x:80 accel defaultsite=www.cadc.circdc.dcn
cache_peer x.x.x.x parent 80 0 no-query originserver name=iis
acl sites_iis dstdomain www.cadc.circdc.dcn
http_access allow sites_iis
cache_peer_access iis allow sites_iis
http_access deny all
One workaround to the functionality of basic HTTP auth would be to put
all of your data under one domain and let Squid pass the data to the
peers based on URL
http://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers#Other_Criteria_than_Domain
Mike Grasso
Data Network Administrator
DC Circuit Court of Appeals
(202) 216-7443
Chris
