Re: [squid-users] Digest Ldap Authentication got failed for some user accounts

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Mon, 12 Oct 2009 16:21:37 +0200

Which Squid version?

mån 2009-10-12 klockan 10:20 +0530 skrev sankar m:
> Dear Sir,
>
> Here are some additional details that may help.
>
> Unique authenticated users per proxy : 315 users/day
> Proxy utilization per day : 20 GB per day
> Squid Disk cache : Disabled
>
> System memory and load status:
>
> Mem: 8183880k total, 5938872k used, 2245008k free, 524284k buffers
> load average: 0.76, 0.65, 0.64
>
> System Processor : Intel(R) Xeon(R) CPU 2.83GHz Quad-Core
> System Memory : 8 GB
>
> Please ask me for any additional information if required.
>
> Regards,
> Sankar.M
>
> Squid configured with,
>
> # ./configure --prefix=/usr/local/squid
> --localstatedir=/var/logs/squid --exec-prefix=/usr/local/squid
> --enable-linux-netfilter --disable-ident-lookups
> --with-filedescriptors=8192 --enable-snmp --enable-delay-pools
> --enable-cache-digests --enable-poll --enable-truncate
> --enable-removal-policies --enable-auth="basic digest"
> --enable-auth-basic-helpers=squid_radius_auth
> --enable-digest-auth-helpers=ldap
>
>
> On 10/11/09, Henrik Nordstrom <henrik_at_henriknordstrom.net> wrote:
> > lör 2009-10-10 klockan 20:23 +0530 skrev sankar m:
> >
> >> I'm using "digest_ldap_auth" with "Open Ldap" combination for Digest
> >> Authentication. It works well, but some users got authentication
> >> failed. I'm able to get the valid hash from the LDAP server through
> >> the command line,
> >
> > Do these users have any "odd" characters in their password? Digest
> > unfortunately only works reliably for us-ascii characters.
> >
> >> Note that I'm running FIVE squid servers. I successfully authenticated
> >> with 2nd proxy server using the same user account which got failed
> >> with the first proxy server. Squid returning the TCP_DENIED/407
> >> response to the client. Same userid is working when I do restart squid
> >> (even reconfigure doesn't help), but I feel it is never be a right
> >> way. After the successful restart, some other accounts are not
> >> working.
> >
> > Which Squid version?
> >
> > Regards
> > Henrik
> >
> >
Received on Mon Oct 12 2009 - 14:21:42 MDT

This archive was generated by hypermail 2.2.0 : Mon Oct 12 2009 - 12:00:03 MDT