Re: Please help! problem chaining 2 proxies with authentication

Thanks Ilker,

I have tested your suggestion and based on the FAQ that I read. What I
did then was to disable the authentication on remote proxy B and was
only left with ldap authentication on my local proxy A. When I started
to chain the two however, making my local proxy A the parent of remote
proxy B, users on the remote site is now having an authentication
failure. This problem however is not encountered for users on the
local site.

                                    | Proxy A | <----- authentication
here, and users here are successfully authenticated
                                     ---------- parent proxy
                                            |
                                            |
                                    | Proxy B | <----- users keeps on
getting authentication failure if Proxy B is chained
                                      --------- to Proxy A

How do I get users on the remote site successfully authenticate
themselves after the proxy chain? Do I have to add Proxy B as a
sibling (on cache_peer of squid.conf) of Proxy A. Is it possible to
have two ldap authenticators on the squid.conf on Proxy A so that my
remote users could just be authenticated? Any other workaround.

Appreciate your reply as my remote users are now starting to complain
about not being able to access the net.

Joel

R.Ilker Gokhan wrote:

>
>
> Please don't send HTML mail.
> http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.7 if you see faq .
> you will see:
>
> FAQ: Only ONE proxy cache in a chain is allowed to ``use'' the
> Proxy-Authentication request header. Once the header is used, it must
> not be passed on to other proxies.
>
> So if Both of your neighbour caches have authentication. they don't
> pass authentication header from one to other. Either you should not
> use chain or you should use authentication on only one proxy.
>
> Greetings..
> Ilker G.
>
> -----Original Message-----
> From: Joel Taqueban [mailto:jtaqueba@apme-ops.dhl.com]
> Sent: Wednesday, June 07, 2000 3:26 PM
> To: squid-users@ircache.net
> Subject: Please help! problem chaining 2 proxies with authentication
>
> Dear squid admins,
> We have to proxy servers ,Proxy A and Proxy B. Proxy A is my local
> proxy and Proxy B is the the remote one. My local proxy has an ldap
> authentication and is working. My remote proxy also has its own ldap
> authentication feature. When I started to chain my remote proxy to
> my local proxy however, remote users connected to the remote proxy is
> now getting an error of "proxy authentication failure" even though
> they have entered the right login and passwd. I rechecked even the
> cache_peer on squid.conf on both proxies and here's what:
>
>
> remote proxy:
> cache_peer daffy.apme-ops.dhl.com parent 3128 3130
> ..........
> authenticate_program /usr/local/squid/bin/squid_ldap_auth
> ldap.hkg-hub.dhl.com
>
> local proxy
> authenticate_program /usr/local/squid/bin/squid_ldap_auth
> ldap.apme-ops.dhl.com
>
> What could be wrong? Any other thing I missed?
> Joel
Received on Thu Jun 08 2000 - 08:17:37 MDT