[squid-users] squidNT 2.5 STABLE10 auth problem.

Hi,
I experience a problem with squid NT installed on a winXP pro member
of a win2000 Active directory domain.

The proxy cache works perfectly ans authentication too. But sometimes,
when client use it (by Internet Explorer or firefox) it ask for login
and password few time. After entering the same username and password
that it was used for the connection, we can access to the cache.

I have this lines in cache.log:

ntlm-auth[2800]: sending 'NA Incorrect Group Membership' to squid
ntlm-auth[2416]: sending 'NA Incorrect Group Membership' nto squid
tlm-auth[3668]: ntlm-auth[2800]: sendinsending 'NA Incorrect Group
Membership' to squid
g 'NA Incorrect Group Membership' to squid
ntlm-auth[3668]: sending 'NA Incorrect Group Membership' to squid
ntlm-auth[3668]: sending 'NA Incorrect Group Membership' to squid
ntlm-auth[3668]: sending 'NA Incorrect Group Membership' to squid
[... x10]
ntlm-auth[3668]: sending 'NA Incorrect Group Membership' to squid
ntlm-auth[3668]: sending 'NA Incorrect Group Membership' to squid

I check time between server and the winXP and it's match.

####################
here is my squid.conf

http_port 1248
debug_options ALL,1
maximum_object_size 15000 KB
auth_param ntlm children 3
auth_param ntlm max_challenge_lifetime 2 hours
auth_param ntlm max_challenge_reuses 0
auth_param ntlm program c:/squid/libexec/win32_ntlm_auth.exe -A proxy-alwd
auth_param ntlm use_ntlm_negotiate on
external_acl_type NT_global_group %LOGIN
c:/squid/libexec/win32_check_group.exe -G -c
memory_replacement_policy heap LFUDA
cache_replacement_policy heap LFUDA
cache_dir awin32 c:/squid/var/cache 2000 16 20
cache_mem 24 MB

acl all src 0.0.0.0/0.0.0.0
acl password proxy_auth REQUIRED
acl CONNECT method CONNECT
acl localadr src 172.16.11.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
acl manager proto cache_object
acl QUERY urlpath_regex cgi-bin \?
acl to_localhost dst 127.0.0.0/8
acl Safe_ports port 1025-65535
acl Safe_ports port 1863
acl Safe_ports port 20
acl Safe_ports port 21
acl Safe_ports port 210
acl Safe_ports port 280
acl Safe_ports port 443 563
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 70
acl Safe_ports port 777
acl Safe_ports port 80
acl SSL_ports port 443 563
acl internetusers external NT_global_group "c:/squid/etc/utilsdom" #
--> "domain users"

http_access deny !localadr
http_access deny !internetusers
http_access allow password
http_access allow Safe_ports
http_access deny manager
http_access deny all
logfile_rotate 12
http_reply_access allow all
refresh_pattern . 0 20% 4320
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
coredump_dir c:/squid/var/cache
hierarchy_stoplist cgi-bin ?
icp_access allow all
no_cache deny QUERY
#####################

I set a group on the local machine named proxy-alwd and add the
"domain users" inside.

I hope that someone could help me.
Best regards, Guillaume
Received on Wed Aug 24 2005 - 03:24:48 MDT