Hi all,

We are in the process of replacing an ISA cluster with a Squid cluster (Squid Cache: Version 3.1.14) and have run into some issues with the forwarding of credentials to an upstream proxy.

Our setup is as follows (names and IP addresses just for explanation purposes):

NetScaler Load-balancer 10.0.0.10:8080 [squid.domain.local]
Squid Node 1 10.0.0.11:8080 [squidnode1.domain.local] - sibling
Squid Node 2 10.0.0.12:8080 [squidnode2.domain.local] - sibling
Upstream Websense 10.0.0.20:8080 [websense.domain.local] - parent
Upstream Transparent Proxy 10.1.0.10:8080 [parent.domain.local] - parent

Clients connect in from within a Citrix / Terminal Server environment to the load-balancer, which in turn forwards the TCP connection to one of the squidnodes (load balanced / round robin with failover).

The Squid then forwards the connections on to the Websense system using the following directives from squid.conf (example from node 1):

cache_peer 10.0.0.20 parent 8080 3130 no-query login=PASS weight=4
cache_peer 10.0.0.12 sibling 8080 3130 login=PASS

The Websense (running on a Linux platform) then authenticates the users and, based on its access rules, forwards the request on to the upstream server and off to the internet.

Our issue is that the Websense does not seem to be authenticating all Terminal Server / Citrix users correctly. It is set up to use IWA with a fallback to NTLM authentication. It seems to be authenticating the first connection via the Squid from the IP address of the TS but not the following ones.

Websense seem to think that this is a problem with the Squid configuration, but I am not sure that this is true, as the Squid is only forwarding on the authentication request to the Websense box.

Does Squid have the ability to differentiate between multiple users on a single computer?

Has anyone had any experience of a similar setup where authentications are being processed by an upstream server for Terminal Server users?

Thanks
Jay

--
"The only difference between saints and sinners is that every saint has a past while every sinner has a future." — Oscar Wilde