[squid-users] Authorisation fails sometimes

From: Günter Merz <lotan_rm_at_hotmail.com>
Date: Wed, 15 Feb 2012 14:12:51 +0000

Hello,

I'm using squid_kerb_ldap (via external_acl_type) to authenticate via kerberos and authorize access via ldap groups.

This seems to work. Partly anyway. My problem  is:

Most of the traffic is authorized as shown in the access.log file which shows GETs and CONNECTs using the respective kerberos id (user_at_DOMAIN) but some GETs and CONNECTs lack that kerberos id (-) and consequently fail (TCP_DENIED).

I tested if an earlier ACL might prevent those transfers from being allowed by inserting an ACL right before the external_acl_type to allow all transfers from the host I was using. This didn't show any TCP_DENIEDs.

I also wondered if the browser could be at fault (not requesting each GET with the respective kerberos id) so I changed from Firefox to Chromium. The behaviour was identical.

Can anyone think of a reason for this behaviour or another way to debug for the cause?
                                               
Received on Wed Feb 15 2012 - 14:12:58 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 17 2012 - 12:00:03 MST