Re: [squid-users] ldap auth & Novell problem

Do you have some users that share the same account.
I think that squid's default configuration is not to allow the same user to
autheticate from two different ips within the same hour (autheticate_ip_ttl
3600
seconds) or maybe you have set it up before.

Matthew Kaminski a écrit :

> Hello everybody.
> Several months ago I installed squid proxy server for the public school I
> work for. A week ago I was asked to provide the facilites to track users
on
> the internet. I installed the squid_ldap_auth module which is
authenticating
> users to the NDS (Novell direstory services) LDAP server. It doesnt work
as
> great as it promised. Problem is that it works for most users, but not
for
> all. After24 hours of operation I recieved about 10 complaints from the
> users that it doesnt work. Basically users enters the credidentials, and
> after couple of seconds it again pops up the login/pass dialog box, and
> after several tries it finally comes up with "acces denied, you must be
> authenticated, etc, etc" message. Some users say that it sometimes work
and
> sometimes not. I created temporary account, which works, but several ppl
> here are using it right now (hence i cant really track them). I need the
> authentication to be fool-proof. Please note, that when I run the
> squid_ldap_auth module from the linux command line, it works for
everyone,
> so it is definitely not the novell/ldap problem. I strongly suspect it is
> internal squid problem. If i'm unable to provide 100% reliable method
then
> I'll need to say goodbye to squid and install Border Manager, or other
> proxy/tracking software. But i would like to stick to squid... I like
linux
> so much. Any comments appreciated. Thanks in advance.
>
> regards,
>
> Matthew Kaminski
> Network Administrator
>
> Howick College
> Sandspit Road
> PO Box 38142
> Howick
> Auckland
>
> Phone: 0-9-534 4492 x850
> Fax: 0-9-534 6574
> Cell: 021 159 6191
> Email: matthew.kaminski@howick.school.nz

(See attached file: smime.p7s)