[squid-users] External users from Child AD domain unable to use local Squid proxy

We are using Squid on windpow as a proxy and we are having an issue
when users that come from a child domain to our office do not
authenticate properly.

Example: our domain is na.myworld.com and users from eu.myworld.com
come to our office and do not authenticate correctly
The log of the connection is below.

1271280071.727     47 172.23.5.54 TCP_DENIED/407 1766 GET
http://www.yahoo.com/ - NONE/- text/html
1271280071.774     31 172.23.5.54 TCP_DENIED/407 2082 GET
http://www.yahoo.com/ - NONE/- text/html
1271280099.086  27312 172.23.5.54 TCP_DENIED/403 1449 GET
http://www.yahoo.com/ eu\vbonafe NONE/- text/html
1271280104.258     47 172.23.5.54 TCP_DENIED/407 1763 GET
http://www.yahoo.es/ - NONE/- text/html
1271280104.289     31 172.23.5.54 TCP_DENIED/407 2079 GET
http://www.yahoo.es/ - NONE/- text/html
1271280104.524    235 172.23.5.54 TCP_DENIED/403 1447 GET
http://www.yahoo.es/ eu\vbonafe NONE/- text/html
1271280110.274    391 172.23.5.54 TCP_MISS/200 5128 GET
http://www.google.com/ -
DEFAULT_PARENT/proxy2.us.webscanningservice.com text/html
1271280110.524     63 172.23.5.54 TCP_MISS/204 494 GET
http://clients1.google.com/generate_204 -
DEFAULT_PARENT/proxy2.us.webscanningservice.com text/html
1271280110.649    157 172.23.5.54 TCP_MISS/204 434 GET
http://www.google.com/csi? - DIRECT/72.14.204.103 text/html

We have the below acl for users in the Ad global group

external_acl_type AD_global_group ttl=120 %LOGIN
c:/squid/libexec/mswin_check_ad_group.exe -G

and another acl below that allows full access thru the squid proxy
using an ad group

acl InetAllow external AD_global_group CLW.Squid.Full

any ideas????
Received on Thu Apr 15 2010 - 15:17:26 MDT