I have squid setup to authenticate with my Active Directory. On my internal network it works and even does single sign-on. Externally, it prompts for user name and password (which is what I wanted really...), but no matter if I use a correct or incorrect login it rejects the login, keeps prompting and eventually says Cache Access Denied. I am guessing that it is saying Cache Access Denied because when you are on an external network you logged in with a cached version of your AD account, but why is it rejecting the authentication attempt through squid?
Squid.conf
http_port 8086
logformat common %>a %la %tl %ru %Ss %Ssh
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on
auth_param basic children 120
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
authenticate_ttl 0 seconds
...
acl authenticated proxy_auth REQUIRED
...
http_access allow authenticated
http_access deny all
I just cut out the acls dealing with allowed and blocked sites.
Is it because on an external network the computer can't actively authenticate against the AD that squid is just rejecting the login? If so, any suggestions on other external authentication methods (I don't want to do a simple user/pass setup)[This is a company environment]? If not, any ideas on why it is not accepting login on an external network, and how can I fix it?
-Josh Phillips
Judicial Correction Services IT
Received on Tue Aug 30 2011 - 15:04:20 MDT
This archive was generated by hypermail 2.2.0 : Wed Aug 31 2011 - 12:00:01 MDT