[squid-users] smb_auth - clients get multiple challenges. from Greg Cunningham on 2001-09-11 (squid-users)

From: Greg Cunningham <gregc@dont-contact.us>
Date: Wed, 12 Sep 2001 11:49:52 +1000

I have just installed smb_auth & is working fine except that some users are
complaining that they have to repeadedly re-eneter their credentials in
order to browse. It appears to be a site-dependant problem.

I thought squid would only need this once until they were dropped thru
inactivity - not 8 challenges to complete a page.

[squid@proxy1 squid]$ cat etc/squid.conf | grep "^[a-z]"
http_port 8080
cache_peer proxy2.internal sibling 8080 3130
cache_peer proxy.bur.southcom.com.au parent 8080 3130
maximum_object_size 16384 KB
cache_dir ufs /usr/local/squid/cache 4096 64 256
debug_options ALL,1
authenticate_program /usr/local/bin/smb_auth -W HARRIS
authenticate_children 10
authenticate_ttl 1200
authenticate_ip_ttl 60
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
replacement_policy LFUDA
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl bur src 192.168.36.0/255.255.254.0
acl cooee src 192.168.39.128/255.255.255.192
acl hbm_bur src 192.168.39.64/255.255.255.224
acl ulv src 192.168.35.96/255.255.255.240
acl dport src 192.168.38.0/255.255.255.0
acl lton src 192.168.35.64/255.255.255.224
acl hbrt src 192.168.35.128/255.255.255.224
acl hbm_hbrt src 192.168.35.224/255.255.255.224
acl kmart src 192.168.35.16/255.255.255.240
acl internet_browsers proxy_auth REQUIRED
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow internet_browsers
http_access deny all
http_access allow localhost
http_access deny all
icp_access allow all
miss_access allow all
cache_mgr it@harrisgroup.com.au
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy1.internal
logfile_rotate 30
cachemgr_passwd secret shutdown
[squid@proxy1 squid]$

--
Greg Cunningham   			Mo: +61 (0)4 0705 6788
IT Support Officer   		Ph:  +61 (0)3 6440 7453
Harris & Company limited   	Fx:  +61 (0)3 6440 7455	
PO Box 63 Burnie             Tasmania        Australia  	
mailto://greg.cunningham@harrisgroup.com.au
	-- Tasmania, Holiday Isle --

Received on Tue Sep 11 2001 - 19:51:43 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:08 MST