Re: [squid-users] Authenticating parent cache problem

Since I cannot answer your question directly, as I don't know the direct
answers, I can only give you evidence...

A user connected directly to the netcache does not have to authenticate
himself. The netcache confirms his userid from the page request and
confirms it against a list of authorised web users and confirms whether the
account is still active.

A user connecting via proxy is sometimes prompted for his userid/password.
sometimes not.

elmars

Elmars Ositis

                                                                                                                              
                      Henrik Nordstrom
                      <hno@marasystems. To: "Elmars Ositis" <elmars.ositis@Vereinsbank.lv>,
                      com> squid-users@squid-cache.org
                                               cc:
                      06/06/2002 04:59 Subject: Re: [squid-users] Authenticating parent cache problem
                      PM
                                                                                                                              
                                                                                                                              

Is the Netcahe using basic HTTP authentication or NTLM over HTTP as
authentication mechanism, or in other words do the users need to login when
trying to browse, or are they automatically logged in with their domain
account?

NTLM over HTTP cannot be proxied, and will give a range of strange errors
if
one attempts to proxy it. This is due to a rather gross abuse of HTTP in
the
NTLM over HTTP authentication scheme..

Regards
Henrik

Elmars Ositis wrote:
> Hello-
>
> I have the following problem, for which I cannot find the answer to in
> either the FAQ or the archives...
>
> I have a squid proxy serving local users, which is required to connect to
a
> parent cache on the other end of a WAN link. This parent cache (netcache)
> is configured for user authentication. The netcache is using the nt
> domain\userid information to authenticate. All trust relationships are
ok.
> When users connect directly to the netcache, there are no problems. When
> users connect to the local squid proxy, some requests are serviced
without
> issue, other requests are serviced only after typing in the userid/pw
> information from 3 to 10 times per page. Sometimes no login window is
> given, and access is denied. When connecting directly to the netcache no
> such problems are exibited.
>
> The remote webcache is set as the default parent, and no direct is
allowed.
> On the local end all local addresses are permitted, and no userid access
> controls are enabled. The squid cache worked without problem for 6 months
> without any changes to a different parent cache which did not implement
> access controls. This parent cache is now disabled.
>
> Users are NT 4.0 and Windows2000 clients using IE5.5. The same problems I
> experience with my XP and RH 7.2 workstations.
>
> Any advice you could provide in this matter will help protect me from the
> lynching mob.... ;>)
>
>
> Elmars Ositis
Received on Thu Jun 06 2002 - 08:05:39 MDT