[squid-users] Digest Ldap Authentication got failed for some user accounts

From: sankar m <debianlinux.ss_at_gmail.com>
Date: Mon, 12 Oct 2009 09:21:58 +0530

Dear Sir,

Thanks a lot for the response. I need to resolve this problem soon,
because the servers are online.

My Squid version is "Squid 3.0 STABLE 15"

On Sun, Oct 11, 2009 at 2:40 AM, Henrik Nordstrom
<henrik_at_henriknordstrom.net> wrote:
> Sat 2009-10-10 at 20:23 +0530, sankar m wrote:
>
>> I'm using "digest_ldap_auth" with "Open Ldap" combination for Digest
>> Authentication. It works well, but authentication fails for some
>> users. I'm able to get the valid hash from the LDAP server through
>> the command line,
>
> Do these users have any "odd" characters in their password? Digest
> unfortunately only works reliably for us-ascii characters.

We are using ASCII characters only; the password value contains only
characters and numerals like "de5h12", and the userid contains only
alphabetic characters.

I believe that the problem may be in the squid digest cache, because
during authentication there has been no transaction between squid and
the LDAP server. Hence, squid is referring to its memory for already
authenticated users. Note that I have been running the squid server
for 2 days without restarting.

I found something strange today. Please have a close look at this issue.
My IP: 10.16.10.135
Userid: murthy
Password: blahblah

When I try to authenticate to the proxy, I'm getting a different user id
in the access.log line instead of the userid "murthy".

proxy1:/var/log/squid# tail -f access.log|grep 10.16.10.135

1255251231.018 21 10.16.10.135 TCP_DENIED/407 3447 GET
http://www.google.com/ chandar NONE/- text/html "Mozilla/5.0 (X11; U;
Linux i686; en-US; rv:1.9.0.14) Gecko/2009090216 Ubuntu/8.04 (hardy)
Firefox/3.0.14"

Why is squid referring to some other account? What could be wrong? Has
the squid memory crashed?

Kindly advise me.

Thanks and Regards,
Sankar.M

>
>> Note that I'm running FIVE squid servers. I successfully authenticated
>> with the 2nd proxy server using the same user account which failed
>> with the first proxy server. Squid is returning the TCP_DENIED/407
>> response to the client. The same userid works when I restart squid
>> (even reconfigure doesn't help), but I feel that is never the right
>> way. After the successful restart, some other accounts are not
>> working.
>
> Which Squid version?

My Squid version is "Squid 3.0 STABLE 15"

>
> Regards
> Henrik
>
>
Received on Mon Oct 12 2009 - 03:52:06 MDT
