RE: Please help! problem chaining 2 proxies with authentication

From: R.Ilker Gokhan <IlkerG@dont-contact.us>
Date: Fri, 9 Jun 2000 15:30:04 +0300

>Thanks Ilker,

Not at all.. :-)
>I have tested your suggestion and based on the FAQ that I read. What I
did then was to disable >the authentication on remote proxy B and was only
left with ldap authentication on my local proxy A. When I started to chain
the two however, making my local proxy A the parent of remote >proxy B,
users on the remote site is now having an authentication failure. This
problem however is not encountered for users on the local site.
                                    | Proxy A | <----- authentication
here, and users here are >successfully authenticated
                                     ---------- parent proxy
                                            |
                                            |
                                    | Proxy B | <----- users keeps on
getting authentication >failure if Proxy B is chained
                                      --------- to Proxy A
>How do I get users on the remote site successfully authenticate themselves
after the proxy chain? Do I have to add Proxy B as a sibling (on
cache_peer of squid.conf) of Proxy A. Is it

Hi,

i have wanted to set authentication on same configuration in the past, i
have tried alot of option of cache chain. Unfortunately i havent got it. FAQ
says

For example:
1-
ProxyA -parent (has not authenticate module)
proxyB -sibling (has authenticate module)

2-
ProxyA -parent (has authenticate module)
ProxyB -sibling (has authenticate module)

etc.. i have tried 6 probability like these. At last i have broken chain
between my proxy caches. If you can get this situation please inform me...

Sorry, i couldn't help you..

Ilker G.

>possible to have two ldap authenticators on the squid.conf on Proxy A so
that my remote users could just be authenticated? Any other workaround.
>Appreciate your reply as my remote users are now starting to complain about
not being able to access the net.
Joel
R.Ilker Gokhan wrote:
  
Please don't send HTML mail.
http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.7 if you see faq . you
will see:
FAQ: Only ONE proxy cache in a chain is allowed to ``use'' the
Proxy-Authentication request header. Once the header is used, it must not be
passed on to other proxies.
So if Both of your neighbour caches have authentication. they don't pass
authentication header from one to other. Either you should not use chain or
you should use authentication on only one proxy.
Greetings..
Ilker G.
-----Original Message-----
From: Joel Taqueban [mailto:jtaqueba@apme-ops.dhl.com]
Sent: Wednesday, June 07, 2000 3:26 PM
To: squid-users@ircache.net
Subject: Please help! problem chaining 2 proxies with authentication
Dear squid admins,

We have to proxy servers ,Proxy A and Proxy B. Proxy A is my local proxy
and Proxy B is the the remote one. My local proxy has an ldap
authentication and is working. My remote proxy also has its own ldap
authentication feature. When I started to chain my remote proxy to my
local proxy however, remote users connected to the remote proxy is now
getting an error of "proxy authentication failure" even though they have
entered the right login and passwd. I rechecked even the cache_peer on
squid.conf on both proxies and here's what:
  
remote proxy:
cache_peer daffy.apme-ops.dhl.com parent 3128 3130
..........
authenticate_program /usr/local/squid/bin/squid_ldap_auth
ldap.hkg-hub.dhl.com
local proxy
authenticate_program /usr/local/squid/bin/squid_ldap_auth
ldap.apme-ops.dhl.com
What could be wrong? Any other thing I missed?
Joel
Received on Fri Jun 09 2000 - 06:32:37 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:53:59 MST