RE: [squid-users] NTLM auth popup boxes && Solaris 8 tuning for upgrade into 2.7.4

From: Amos Jeffries <>
Date: Fri, 14 Nov 2008 16:01:49 +1300 (NZDT)

>>hello all,
>>I currently get some sun v210 boxes running solaris 8 and squid-2.6.12
>>and samba 3.0.20b I will upgrade these proxies into 2.7.4/3.0.32 next
>>monday but before doing this I would like to ask you your advices
> and/or
>>experiences with tuning these kind of boxes.
>>the service is running well today except we regularly get
> authentication
>>popup boxes. This is really exasperating our Users. I already spent lot
>>of times on the net in the hope finding a clear explanation about it
> but
>>i am still searching. I already configured starting 128 ntlm_auth
>>processes on each of my servers. This gives better results but problem
>>still remains. I also made some patching in my new package I will
> deploy
>>next week by overwrting some samba values .. below my little patch ..

Before digging deep into OS settings check your squid.conf auth, acl and
http_access settings.
Check the TTL settings on your auth config. If it's not long enough squid
will re-auth between request and reply.

For the access controls there are a number of ways they can trigger
authentication popups. %LOGIN passed to external helper, proxy_auth
REQUIRED acl, and an auth ACL being last on an http_access line.

Also, interception setups hacked with bad flags to (wrongly) permit auth
can appear working but cause popups on every object request and also leak
clients credentials to all remote sites that use auth.

Received on Fri Nov 14 2008 - 03:01:52 MST

This archive was generated by hypermail 2.2.0 : Fri Nov 14 2008 - 12:00:03 MST