Re: [squid-users] OWA accelerator authentication weirdness

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 11 Jan 2009 17:59:05 +1300

Alan Lehman wrote:
>>>>>> The order in which our auth_param lines are configured can alter
>> the
>>>>>> first authentication method tried. You will need to look at the
>>>>>> debugging trace in cache.log to see which is generating which
>>>> question
>>>>>> Amos
>>>>> Only basic is enabled:
>>>>> auth_param basic children 5
>>>>> auth_param basic realm Squid proxy-caching web server
>>>>> auth_param basic credentialsttl 2 hours
>>>>>
>>>>> Do I need to select a program for basic?
>>>>>
>>>>> found in cache.log:
>>>>> 2009/01/08 14:38:19.713| CacheManager::registerAction: registering
>>>> legacy basicauthenticator
>>>>> 2009/01/08 14:38:19.713| CacheManager::findAction: looking for
>> action
>>>> basicauthenticator
>>>>> 2009/01/08 14:38:19.713| CacheManager::registerAction: registered
>>>> basicauthenticator
>>>>> 2009/01/08 14:41:22.010| CacheManager::registerAction: registering
>>>> legacy basicauthenticator
>>>>> 2009/01/08 14:41:22.010| CacheManager::registerAction: registered
>>>> basicauthenticator
>>>>> The OWA web server has both basic and "Windows Integrated
>>>> Authentication" enabled. If I disable "windows integrated", OWA
>> works
>>>> fine, but I need activesync also, which does not work without
>> "windows
>>>> integrated" enabled.
>>>>> Thanks,
>>>>> Alan
>>>> Um, further on my other email.
>>>> Try some of the settings to disable pass-thru on the specific ports
>>>> and/or peer:
>>>>
>>>> http://wiki.squid-cache.org/Features/ConnPin
>>>
>>> My config pretty much follows the wiki example for OWA accelerator.
>> Squid 3.1.0.3. I'm using the same port for OWA and Activesync. I just
>> added connection-auth=off on https_port and removed all auth_param
>> lines, and that took care of my problem.
>> Before I go recommending this as a general fix in 3.1, are BOTH of
>> those
>> changes needed for it to work?
>>
>> I know there are people using Squid+OWA in multi-mode who may need auth
>> for other things. Can we get away with just "connection-auth=off" on
>> the
>> port?
>>
>>
>> Amos
>
> The auth_param lines don't seem to make any difference. It works for me with them in.
>

Great. I'll get the wiki updated.

Thanks for your help finding this and testing the solution.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11
   Current Beta Squid 3.1.0.3
Received on Sun Jan 11 2009 - 05:00:43 MST

This archive was generated by hypermail 2.2.0 : Tue Jan 13 2009 - 12:00:03 MST