Re: [squid-users] squid_ldap_auth - authentication only after 3 try

From: Alípio Luiz <alipio.luiz_at_gmail.com>
Date: Wed, 3 Apr 2013 13:58:19 -0400

I did a test setting the parameter keep_alive to off in auth_param
negotiate. It worked...
A question: Is there any problem with keeping the keep_alive parameter off?

2013/4/3 Pavel Bychykhin <bychykhin.p.n_at_hts.kh.ua>:
> I had a similar problem and solved it by running two instances of Squid.
> The first instance uses the negotiate_wrapper for GSSAPI and NTLM helpers.
> The second one uses basic and digest schemes.
> As I understand it, the fact is that the browsers themselves choose what
> kind of scheme to use.
> I.e., one browser would prefer the negotiate scheme over basic.
> Another browser would use the scheme that is first in the list.
>
>
> 02.04.2013 21:39, Alípio Luiz wrote:
>
>> I have squid configured with kerberos (squid_kerb_auth) to
>> authenticate users against Active Directory. The SSO is working well
>> for users logged on domain...
>>
>> For users outside the domain, I configured squid_ldap_auth +
>> squid_ldap_group. However, the authentication only works after the
>> user's third try...
>>
>> Is there a way to fix that? I want users to enter their credentials
>> just one time to authenticate...
>> Our OS is Windows XP and Windows 7, both with IE9 + Firefox + Chrome
>>
>> Can you help me?
>> Thanks in advance...
>>
>> Below is what I have in squid.conf (section about authentication):
>> #########################################################
>> auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d -s
>> HTTP/server.domain.local
>> auth_param negotiate children 10
>> auth_param negotiate keep_alive on
>>
>> auth_param basic program /usr/lib/squid3/squid_ldap_auth -R -b
>> "dc=domain,dc=local" -D squid@DOMAIN.LOCAL -w "@mypass" -f
>> sAMAccountName=%s -h server.domain.local -d
>> auth_param basic children 5
>> auth_param basic realm Internet Authentication
>> auth_param basic credentialsttl 2 hours
>> auth_param basic keep_alive off
>>
>> external_acl_type memberof %LOGIN /usr/lib/squid3/squid_ldap_group -R
>> -K -b "dc=domain,dc=local" -D squid@DOMAIN.LOCAL -w "@mypass" -f
>> "(&(objectclass=person)(sAMAccountName=%v)(memberof=$
>>
>> acl INTERNET_Perfil_Avancado external memberof INTERNET_Perfil_Avancado
>> acl INTERNET_Perfil_Basico external memberof INTERNET_Perfil_Basico
>> acl INTERNET_Perfil_Padrao external memberof INTERNET_Perfil_Padrao
>> acl INTERNET_Perfil_Padrao_Sociais external memberof
>> INTERNET_Perfil_Padrao_Sociais
>>
>> acl auth proxy_auth REQUIRED
>> #########################################################
>> --
>> Alípio Luiz [Squidy] | Brasil - Cuiabá/MT
>> Email/GTalk: alipio.luiz [arroba] gmail.com
>> Skype: alipio.luiz
>> Linux User #251497
>>
>
> --
> Best regards,
> Pavel

-- 
Alípio Luiz [Squidy] | Brasil - Cuiabá/MT
Email/GTalk: alipio.luiz [arroba] gmail.com
MSN: alipio.luiz [arroba] hotmail.com
Skype: alipio.luiz
Linux User #251497
Received on Wed Apr 03 2013 - 17:58:48 MDT
