Hi, I experience a problem with squid NT installed on a winXP pro member of a win2000 Active directory domain. The proxy cache works perfectly ans authentication too. But sometimes, when client use it (by Internet Explorer or firefox) it ask for login and password few time. After entering the same username and password that it was used for the connection, we can access to the cache. I have this lines in cache.log: ntlm-auth[2800]: sending 'NA Incorrect Group Membership' to squid ntlm-auth[2416]: sending 'NA Incorrect Group Membership' nto squid tlm-auth[3668]: ntlm-auth[2800]: sendinsending 'NA Incorrect Group Membership' to squid g 'NA Incorrect Group Membership' to squid ntlm-auth[3668]: sending 'NA Incorrect Group Membership' to squid ntlm-auth[3668]: sending 'NA Incorrect Group Membership' to squid ntlm-auth[3668]: sending 'NA Incorrect Group Membership' to squid [... x10] ntlm-auth[3668]: sending 'NA Incorrect Group Membership' to squid ntlm-auth[3668]: sending 'NA Incorrect Group Membership' to squid I check time between server and the winXP and it's match. #################### here is my squid.conf http_port 1248 debug_options ALL,1 maximum_object_size 15000 KB auth_param ntlm children 3 auth_param ntlm max_challenge_lifetime 2 hours auth_param ntlm max_challenge_reuses 0 auth_param ntlm program c:/squid/libexec/win32_ntlm_auth.exe -A proxy-alwd auth_param ntlm use_ntlm_negotiate on external_acl_type NT_global_group %LOGIN c:/squid/libexec/win32_check_group.exe -G -c memory_replacement_policy heap LFUDA cache_replacement_policy heap LFUDA cache_dir awin32 c:/squid/var/cache 2000 16 20 cache_mem 24 MB acl all src 0.0.0.0/0.0.0.0 acl password proxy_auth REQUIRED acl CONNECT method CONNECT acl localadr src 172.16.11.0/255.255.255.0 acl localhost src 127.0.0.1/255.255.255.255 acl manager proto cache_object acl QUERY urlpath_regex cgi-bin \? acl to_localhost dst 127.0.0.0/8 acl Safe_ports port 1025-65535 acl Safe_ports port 1863 acl Safe_ports port 20 acl Safe_ports port 21 acl Safe_ports port 210 acl Safe_ports port 280 acl Safe_ports port 443 563 acl Safe_ports port 488 acl Safe_ports port 591 acl Safe_ports port 70 acl Safe_ports port 777 acl Safe_ports port 80 acl SSL_ports port 443 563 acl internetusers external NT_global_group "c:/squid/etc/utilsdom" # --> "domain users" http_access deny !localadr http_access deny !internetusers http_access allow password http_access allow Safe_ports http_access deny manager http_access deny all logfile_rotate 12 http_reply_access allow all refresh_pattern . 0 20% 4320 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 coredump_dir c:/squid/var/cache hierarchy_stoplist cgi-bin ? icp_access allow all no_cache deny QUERY ##################### I set a group on the local machine named proxy-alwd and add the "domain users" inside. I hope that someone could help me. Best regards, Guillaume
