[squid-users] Poblem with sibling from Rost, Werner on 2002-04-04 (squid-users)

From: Rost, Werner <Werner.Rost@dont-contact.us>
Date: Thu, 4 Apr 2002 09:32:30 +0200

We have to SQUID-Proxies version 2.4 stable 3. Each proxy runs in a separate
domain.Users must authetnicate via smb_auth to a Win NT4 PDC-server.

Assume SQUID1 on domain DOMAIN1 with PDC1 IP of SQUID1 = IP1
Assume SQUID2 on domain DOMAIN2 with PDC2 IP of SQUID2 = IP2

Authentication of SQUID1

authenticate_program /usr/local/bin/smb_auth -W DOMAIN1 -U PDC1

Authentication of SQUID2:

authenticate_program /usr/local/bin/smb_auth -W DOMAIN2 -U PDC2

Both SQUIDs use the same parent. Now I want to confugure a sibling relation:

SQUID1:

cache_peer <parent> parent 8080 7 default no-query
cache_peer PI2 sibling 8080 3130

SQUID2:

cache_peer <parent> parent 8080 7 default no-query
cache_peer IP1 sibling 8080 3130

After some time this lead to problems. Example:
A user of DOMAIN2 requests www.gmx.de. Then he is often asked for username
+ password. Each time he one more peace of the website is displayed.
Access.log of DOMAIN1 shows:

Thu Apr 4 08:51:14 2002 0 195.233.126.92 UDP_MISS/000 39 ICP_QUERY
http://
www.gmx.de/ - NONE/- -
Thu Apr 4 08:51:15 2002 0 195.233.126.92 UDP_MISS/000 102 ICP_QUERY
http:/
/a196.g.akamai.net/7/196/2670/0004/images.gmx.net/images/de/promo/pm_p1.jpg
- NO
NE/- -
Thu Apr 4 08:51:15 2002 0 195.233.126.92 UDP_MISS/000 102 ICP_QUERY
http:/
/a196.g.akamai.net/7/196/2670/0004/images.gmx.net/images/de/promo/pm_t1.gif
- NO
NE/- -
Thu Apr 4 08:51:16 2002 0 195.233.126.92 UDP_HIT/000 104 ICP_QUERY
http://
a196.g.akamai.net/7/196/2670/0003/images.gmx.net/images/bs/6133/Lissabon.jpg
- N
ONE/- -
Thu Apr 4 08:51:16 2002 107 195.233.126.92 TCP_DENIED/407 1506 GET
http://a1
96.g.akamai.net/7/196/2670/0003/images.gmx.net/images/bs/6133/Lissabon.jpg -
NON
E/- -
Thu Apr 4 08:51:16 2002 0 195.233.126.92 UDP_HIT/000 104 ICP_QUERY
http://
a196.g.akamai.net/7/196/2670/0003/images.gmx.net/images/bs/6133/Lissabon.jpg
- N
ONE/- -
Thu Apr 4 08:51:16 2002 5 195.233.126.92 TCP_DENIED/407 1506 GET
http://a1
96.g.akamai.net/7/196/2670/0003/images.gmx.net/images/bs/6133/Lissabon.jpg -
NON
E/- -
Thu Apr 4 08:51:17 2002 0 195.233.126.92 UDP_MISS/000 103 ICP_QUERY
http:/
/a196.g.akamai.net/7/196/2670/0003/images.gmx.net/images/bs/6136/EURO_70.jpg
- N
ONE/- -
Thu Apr 4 08:51:27 2002 0 195.233.126.92 UDP_HIT/000 104 ICP_QUERY
http://
a196.g.akamai.net/7/196/2670/0003/images.gmx.net/images/bs/6133/Lissabon.jpg
- N
ONE/- -
Thu Apr 4 08:51:28 2002 185 195.233.126.92 TCP_DENIED/407 1506 GET
http://a1
96.g.akamai.net/7/196/2670/0003/images.gmx.net/images/bs/6133/Lissabon.jpg -
NON
E/- -
Thu Apr 4 08:51:40 2002 0 195.233.126.92 UDP_HIT/000 105 ICP_QUERY
http://
a196.g.akamai.net/7/196/2670/0004/images.gmx.net/images/de/login/nologout.gi
f -
NONE/- -
Thu Apr 4 08:51:40 2002 0 195.233.126.92 UDP_HIT/000 106 ICP_QUERY
http://
a196.g.akamai.net/7/196/2670/0004/images.gmx.net/images/de/icons/de/weiter.g
if -
NONE/- -
Thu Apr 4 08:51:40 2002 1 195.233.126.92 TCP_DENIED/407 1509 GET
http://a1
96.g.akamai.net/7/196/2670/0004/images.gmx.net/images/de/login/nologout.gif
- NO
NE/- -
Thu Apr 4 08:51:40 2002 6 195.233.126.92 TCP_DENIED/407 1512 GET
http://a1
96.g.akamai.net/7/196/2670/0004/images.gmx.net/images/de/icons/de/weiter.gif
- N
ONE/- -
Thu Apr 4 08:51:40 2002 0 195.233.126.92 UDP_HIT/000 105 ICP_QUERY
http://
a196.g.akamai.net/7/196/2670/0004/images.gmx.net/images/de/login/nologout.gi
f -
NONE/- -
Thu Apr 4 08:51:40 2002 0 195.233.126.92 UDP_HIT/000 106 ICP_QUERY
http://
a196.g.akamai.net/7/196/2670/0004/images.gmx.net/images/de/icons/de/weiter

Deactivating the sibling relationship all works fine: After user has
authenticated once the whole website is displayed.

What is the problem with sibling?

> Mit freundlichen Grüßen / regards
> Werner Rost
>
> ---------------------------------------------------------------------
> ZF Boge GmbH
> Werner Rost
> IT
> Friesdorfer Str. 175
> D-53175 Bonn
>
>
> phone: +49/228/3825 420
> fax: +49/228/3825 398
> werner.rost@zfboge.com
>
> www.boge-vibrationcontrol.com
> ---------------------------------------------------------------------
>
>

---------------------------------------------------------
This Mail has been checked for Viruses
Attention: Encrypted mails can NOT be checked!

Diese Mail wurde auf Viren geprueft
Hinweis: Verschluesselte mails koennen NICHT auf Viren geprueft werden!
---------------------------------------------------------
Received on Thu Apr 04 2002 - 00:28:58 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:20 MST