[squid-users] External Authentication Error

From: Josh Phillips <jphillips_at_judicialservices.com>
Date: Tue, 30 Aug 2011 10:04:12 -0500 (CDT)

I have Squid set up to authenticate with my Active Directory. On my internal network it works and even does single sign-on. Externally, it prompts for user name and password (which is what I wanted really...), but no matter if I use a correct or incorrect login it rejects the login, keeps prompting and eventually says Cache Access Denied. I am guessing that it is saying Cache Access Denied because when you are on an external network you logged in with a cached version of your AD account, but why is it rejecting the authentication attempt through Squid?

Squid.conf

        http_port 8086
        logformat common %>a %la %tl %ru %Ss %Ssh
        auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
        auth_param ntlm children 5
        auth_param ntlm keep_alive on
        auth_param basic children 120
        auth_param basic realm Squid proxy-caching web server
        auth_param basic credentialsttl 2 hours
        auth_param basic casesensitive off
        authenticate_ttl 0 seconds
        ...
        acl authenticated proxy_auth REQUIRED
        ...
        http_access allow authenticated
        http_access deny all

I just cut out the acls dealing with allowed and blocked sites.

Is it because on an external network the computer can't actively authenticate against the AD that squid is just rejecting the login? If so, any suggestions on other external authentication methods (I don't want to do a simple user/pass setup)[This is a company environment]? If not, any ideas on why it is not accepting login on an external network, and how can I fix it?

-Josh Phillips
Judicial Correction Services IT
Received on Tue Aug 30 2011 - 15:04:20 MDT
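
An added example, not part of the original message or of Squid itself: a small Python check that lists each auth_param scheme in a squid.conf and whether it names a helper program, since Squid needs a helper for a scheme before it can validate credentials for it. The function names are hypothetical, and the sample input is only the auth_param lines shown in the post.

```python
# auth_param lines copied from the post above; the rest of squid.conf is omitted.
SAMPLE_CONF = """\
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on
auth_param basic children 120
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
"""


def audit_auth_schemes(conf_text):
    """Map each scheme to its helper program (or None) and the params set for it."""
    schemes = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and comment lines
            continue
        parts = line.split(None, 3)               # auth_param <scheme> <param> <value...>
        if len(parts) < 3 or parts[0] != "auth_param":
            continue
        scheme, param = parts[1].lower(), parts[2].lower()
        value = parts[3] if len(parts) > 3 else ""
        entry = schemes.setdefault(scheme, {"program": None, "params": []})
        entry["params"].append(param)
        if param == "program":
            entry["program"] = value
    return schemes


def schemes_without_helper(conf_text):
    """Schemes that have settings but no 'program' line to check credentials."""
    audit = audit_auth_schemes(conf_text)
    return [name for name, entry in audit.items() if entry["program"] is None]


def report(conf_text):
    """Human-readable summary, one line per scheme, in config order."""
    lines = []
    for name, entry in audit_auth_schemes(conf_text).items():
        if entry["program"]:
            lines.append(f"{name}: helper = {entry['program']}")
        else:
            lines.append(f"{name}: no program line (only {', '.join(entry['params'])})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONF)))
```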
