[squid-users] Squid2.6 Stable with Mac OSX issue

From: Eric Young <Eric.Young@dont-contact.us>
Date: Mon, 29 Oct 2007 13:12:43 -0700

I am running Squid2.6 stable running on Win2003

 

I have a stable config running with 120+ WinXP boxes and 130+ users. I have 3 Mac OSX workstations that like the XP workstations are setup with manual proxy settings. My problem is that Mac users are getting prompt every 15-20 meeting for authentication again. They are able to surf but are getting errors on RSS streams and WebDav. XP users are getting authenticated via NTLM.

 

 

 

My config

 

auth_param ntlm program e:/squid/libexec/mswin_ntlm_auth.exe

auth_param ntlm children 5

auth_param ntlm max_challenge_lifetime 600 minutes

auth_param ntlm keep_alive on

external_acl_type win_domain_group ttl=120 %LOGIN e:/squid/libexec/mswin_check_lm_group.exe -G

acl ProxyUsers external win_domain_group ProxyAccess

acl NoProxyUsers external win_domain_group NoProxyAccess

acl password proxy_auth REQUIRED

http_access allow password ProxyUsers

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

http_access allow !Safe_ports

http_access allow localhost

cache_mgr eric.young@tullys.com

httpd_suppress_version_string on

visible_hostname Tullys

via off

forwarded_for off

log_icp_queries off

client_db off

http_access allow manager localhost

http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access deny all

icp_access allow all

http_port x.x.x.x:8002

cache_dir ufs e:/squid/var/cache 3000 16 256

access_log e:/squid/var/logs/access.log common

cache_log e:/squid/var/logs/cache.log

cache_store_log e:/squid/var/logs/store.log

pid_filename e:/squid/var/logs/squid.pid

debug_options ALL,1 33,2

unlinkd_program e:/squid/libexec/unlinkd.exe

refresh_pattern ^http://.*\.gif$ 1440 50% 20160 reload-into-ims

refresh_pattern ^http://.*\.asis$ 1440 50% 20160

refresh_pattern -i \.png$ 10080 150% 40320 reload-into-ims

refresh_pattern -i \.jpg$ 10080 150% 40320 reload-into-ims

refresh_pattern -i \.bmp$ 10080 150% 40320 reload-into-ims

refresh_pattern -i \.gif$ 10080 300% 40320 reload-into-ims

refresh_pattern -i \.ico$ 10080 300% 40320 reload-into-ims

refresh_pattern -i \.swf$ 10080 300% 40320 reload-into-ims

refresh_pattern -i \.flv$ 10080 300% 40320 reload-into-ims

refresh_pattern -i \.rar$ 10080 150% 40320

refresh_pattern -i \.ram$ 10080 150% 40320

refresh_pattern -i \.txt$ 1440 100% 20160 reload-into-ims override-lastmod

refresh_pattern -i \.css$ 1440 60% 20160

refresh_pattern ^http:// 1 100% 20160 reload-into-ims ignore-reload

refresh_pattern ^ftp:// 240 50% 20160

refresh_pattern ^gopher:// 240 40% 20160

refresh_pattern /cgi-bin/ 0 0% 30

refresh_pattern . 0 100% 20160 reload-into-ims

acl apache rep_header Server ^Apache

broken_vary_encoding allow apache

icp_port 3130

htcp_port 4827

icon_directory e:/squid/share/icons

error_directory e:/squid/share/errors/English

coredump_dir e:/squid/var/cache

 

 

 

Eric Young
Senior Network Engineer
Tully's Coffee Corporation
206.695.6504

 
Received on Mon Oct 29 2007 - 14:13:51 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:02 MDT