Michael_Grasso_at_cadc.uscourts.gov wrote:
> I'm running Squid 3.0 Stable 21. I have two reverse proxy sites setup with
> LDAP authentication enabled.
How is the authentication prompted for (is it using HTTP auth, or a form)?
> When I access either site, authentication
> works fine. My problem is when I'm authenticated to one site and access
> something on the other site, I get prompted to authenticate again. I can't
> figure out why.
If you are using basic HTTP authentication, it's because the browser has
not been configured such that intranet.cadc.circdc.dcn is in any way
related to www.cadc.circdc.dcn. If you are using form based
authentication, you'll have to talk with the person who set that up.
> Any help is appreciated. Below is my squid.con settings.
>
> acl ldap-auth proxy_auth REQUIRED
> http_access allow ldap-auth
>
> http_port x.x.x.x:80 accel defaultsite=intranet.cadc.circdc.dcn
> cache_peer x.x.x.x parent 80 0 no-query originserver name=intranet1
> round-robin
> cache_peer x.x.x.x parent 80 0 no-query originserver name=intranet2
> round-robin
> acl sites_intranet dstdomain intranet.cadc.circdc.dcn
> http_access allow sites_intranet
> cache_peer_access intranet1 allow sites_intranet
> cache_peer_access intranet2 allow sites_intranet
>
> http_port x.x.x.x:80 accel defaultsite=www.cadc.circdc.dcn
> cache_peer x.x.x.x parent 80 0 no-query originserver name=iis
> acl sites_iis dstdomain www.cadc.circdc.dcn
> http_access allow sites_iis
> cache_peer_access iis allow sites_iis
>
> http_access deny all
>
One workaround to the functionality of basic HTTP auth would be to put
all of your data under one domain and let Squid pass the data to the
peers based on URL
http://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers#Other_Criteria_than_Domain
> Mike Grasso
> Data Network Administrator
> DC Circuit Court of Appeals
> (202) 216-7443
>
Chris
Received on Tue Jan 05 2010 - 23:53:21 MST
This archive was generated by hypermail 2.2.0 : Wed Jan 06 2010 - 12:00:02 MST