Hi, I'm having a problem with a Squid 2.5.stable3 installation using squid_radius_auth and a Websense redirector on Red Hat ES r3. At times you get out even with invalid username and/or password. When makes this more fun is that it's intermittent, so I don't think it's a basic acl problem. Squid is not my strong point, so I'd appreciate any advice on how to troubleshoot this. (Of course, I've inherited the Squid box as part of my new job, and this issue has just raised its ugly head. Here I've left it alone for a few weeks thinking "Oh, it's Squid, it's working, I'll investigate it later," and now everyone's screaming.) If you enter a valid username and a password you get Internet access, as you would expect. If you enter an invalid username and an invalid password, you might get Internet access. It appears that the longer Squid is running, the greater chance you have of getting that access. If you enter a valid username and an invalid password, you get asked for a correct password. Three tries later, it kicks you out. Then hit "refresh," enter your invalid password, and you *might* get out. Maybe not. It seems that if you refresh often enough and have a bit of patience, eventually you'll get out. I've checked the radius server with "squid_rad_auth -f squid_rad_auth.conf" and gotten the proper ERR and OK messages no matter what combination of username/password I try. We have 30 children for squid_rad_auth, but increasing it to 60 didn't help. Running with debug_options ALL,9 generates a lot of cache info messages, but grepping for my bogus username gives me stuff like: 2006/04/07 14:10:30| helperSubmit: blahuser_t euhtansoeuhtnsaoeu 2006/04/07 14:10:30| authenticateBasicDecodeAuth: cleartext = 'blahuser_t:euhtansoeuhtnsaoeu' 2006/04/07 14:10:30| authBasicAuthUserFindUsername: Looking for user 'blahuser_t' 2006/04/07 14:10:30| authBasicDecodeAuth: Found user 'blahuser_t' in the user cache as '0xa4f29e8' 2006/04/07 14:10:30| authenticateStart: 'blahuser_t:euhtansoeuhtnsaoeu' 2006/04/07 14:10:30| helperSubmit: blahuser_t euhtansoeuhtnsaoeu For the above two I get prompted again, but asking again got me in with: 2006/04/07 14:10:34| authenticateBasicDecodeAuth: cleartext = 'blahuser_t:888888' 2006/04/07 14:10:34| authBasicAuthUserFindUsername: Looking for user 'blahuser_t' 2006/04/07 14:10:34| authBasicDecodeAuth: Found user 'blahuser_t' in the user cache as '0xa4f29e8' 2006/04/07 14:10:34| authenticateStart: 'blahuser_t:888888' 2006/04/07 14:10:34| helperSubmit: blahuser_t 888888 2006/04/07 14:10:34| aclMatchUser: user is blahuser_t, case_insensitive is 0 2006/04/07 14:10:34| helperSubmit: http://slashdot.org/ 10.184.184.193/- blahuser_t GET Any suggestions would be most appreciated. Thanks, ==ml -- Michael W. Lucas mwlucas@xxxxxxxxxxx, mwlucas@xxxxxxxxxxxxxxxxxxxx http://www.BlackHelicopters.org/~mwlucas/ "The cloak of anonymity protects me from the nuisance of caring." -Non Sequitur