Re: [squid-users] Re: fakeauth_auth for logging on Ubuntu builds

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 23 Jul 2010 01:50:42 +1200

rscho wrote:
> Thanks Amos,
>
> Yes, you're correct we are using the version built by Acme, I thought
> the two were the same.
>
> I think you're correct about my misconception as to the way fakeauth works
> as well. You say the silent part comes from the browser being able to fetch
> NTLM credentials from the OS? In our case both IE and Mozilla browsers can
> retrieve this information when their proxy is set to the existing Windows
> Squid (no popup appears) but when the proxy is set to the Ubuntu Squid a
> popup always appears regardless of the Squid authenticator we're using. When
> you say "It only becomes a popup when the
> browser sends invalid credentials and gets challenged to supply valid ones",
> it suggests that the authenticators we're using initially receive invalid
> credentials but then approve them because after popup appears and the user
> supplies them (even if they're rubbish) it "authenticates" them and allows
> browsing.
>
> I don't understand why the initial request from the browser to the proxy
> fails but after refreshing the page a popup appears, values are entered and
> browsing is permitted. Do you have any thoughts on this?
>
> Thanks for your perl link, although it doesn't seem to work where the other
> two do. I'm using it like this:
>
> auth_param basic program /usr/bin/perl /etc/squid3/no_check.pl
> # A perl authenticator
> #auth_param basic program /etc/squid3/GetUserID
> # A 'C' authenticator
> #auth_param basic program /usr/bin/php /etc/squid3/PHP_Check.php # A php authenticator
> auth_param basic children 5
> auth_param basic realm XYZ
> .
> .
> Is this correct? It asks for credentials 3 times and whether correct or not
> eventually fails. Using auth_param ntlm..... doesn't work at all.

fakeauth_auth is an NTLM protocol auth helper. Which is why I replied
with the no_check.pl one. They do exactly the same things which are not
the same as Basic protocol auth.

Since it does not work when configured with NTLM there is something else
going on. Check your persistent connections are all turned on in Squid.
If it's not that then something in the browser's retrieval may be going wrong.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.5
Received on Thu Jul 22 2010 - 13:50:52 MDT
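
A small check for the two things the reply above points at: a helper that speaks the NTLM helper protocol configured under auth_param basic, and persistent connections switched off. This is an added example, not part of the original message and not Squid tooling; the function name, the sample configurations and the fakeauth_auth install path are assumptions.

```python
# Helpers this thread identifies as NTLM-protocol helpers (not Basic).
NTLM_HELPERS = {"fakeauth_auth", "no_check.pl"}
PERSISTENCE = {"client_persistent_connections", "server_persistent_connections"}

def check_squid_auth(conf_text):
    """Return findings for a helper/scheme mismatch or disabled persistence."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or whole-line comment
        if words[0] == "auth_param" and len(words) >= 4 and words[2] == "program":
            scheme = words[1].lower()
            # The helper may be an interpreter argument (perl /path/no_check.pl).
            names = {w.rsplit("/", 1)[-1] for w in words[3:]}
            for helper in sorted(names & NTLM_HELPERS):
                if scheme != "ntlm":
                    findings.append(
                        f"line {lineno}: {helper} is an NTLM helper but is "
                        f"configured under auth_param {scheme}")
        elif words[0] in PERSISTENCE and len(words) >= 2 and words[1].lower() == "off":
            findings.append(
                f"line {lineno}: {words[0]} is off; NTLM authenticates the "
                "connection and needs persistent connections on")
    return findings

# Constructed sample modelled on the configuration quoted in the thread;
# the persistence line is added for illustration and is not from the thread.
AS_POSTED = """\
auth_param basic program /usr/bin/perl /etc/squid3/no_check.pl
#auth_param basic program /etc/squid3/GetUserID
auth_param basic children 5
auth_param basic realm XYZ
client_persistent_connections off
"""

# Constructed corrected form; the fakeauth_auth install path is an assumption.
AS_NTLM = """\
auth_param ntlm program /usr/lib/squid3/fakeauth_auth
auth_param ntlm children 5
client_persistent_connections on
server_persistent_connections on
"""

if __name__ == "__main__":
    for name, conf in (("as posted", AS_POSTED), ("as NTLM", AS_NTLM)):
        print(name, check_squid_auth(conf) or "no findings")
```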
