On Wed, 1 Jun 2005, Phibee Network operation Center wrote:
1- I don't know why, but all web site with a refresh have a access
denied .. my user going on the web site no problems, wait 5mn the web
site refresh and when he refresh i have a access denied
Don't know.
2- I don't know why with IE i can't going on www.ratp.fr when i use the
proxy squid. i have a box for download and not the web site .. i don't
know what is the process for debug this ... without squid the web site
work's !!!!!
access.log with log_mime_hdrs on is a good start..
3- What is the access right for accept this:
1117612694.193 0 10.206.1.251 TCP_DENIED/407 1790 GET
cache_object://10.206.1.251/counters - NONE/- text/html
1117612694.197 0 10.206.1.251 TCP_DENIED/407 1778 GET
cache_object://10.206.1.251/5min - NONE/- text/html
1117612694.201 0 10.206.1.251 TCP_DENIED/407 1781 GET
cache_object://10.206.1.251/60min - NONE/- text/html
Looks like you have someone trying to use the cachemgr interface but your
http_access rules requires authentication.
cachemgr will sent the entered username and password as basic
authentication to Squid allowing you to require authentication for these
as well.
4- i have a lot of problems of authentification, when i change the password
on my Active Directory, 3/4 hours after squid don't have
the new password ... can i said a small cache live ?
In ntlm there is no cache of the user credentials provided you run with
challenge reuses disabled (the default). If you find that the old
credentials is still accepted then this is your domain controller still
accepting the old password.
In basic there is a cache for the duration of the credentialsttl. Squid
automatically refreshes the cache when seeing a login with a different
password. It may also be the case that winbind employs a cache here
however..
Regards
Henrik
