dear all, my reverse proxy for OWA with squid2.6stable9 on RH ES4.U1 works fine. Now I'm trying to add an authentication but I see an unusual behaviour For that I'm using squid3 (daily auto-generated released last friday) My squid.conf: cache_effective_user squid cache_effective_group squid https_port 10.10.145.1:443 accel cert=/usr/local/squid/etc/wmail.crt key=/usr/local/squid/etc/wmail.key defaultsite=dondy.tc-express.it cache_peer egd-srv-1.tc-express.it parent 443 0 front-end-https=on ssl sslcert=/usr/local/squid/etc/host.crt sslkey=/usr/local/squid/etc/host.key sslflags=DONT_VERIFY_PEER no-query originserver login=PASS visible_hostname dondy.tc-express.it auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd #auth_param basic program /usr/local/squid/libexec/pam_auth auth_param basic children 2 auth_param basic realm ReverseProxy_ncsa #auth_param basic realm ReverseProxy_pam auth_param basic credentialsttl 15 minutes acl pippo proxy_auth REQUIRED acl allowed_hosts src 0.0.0.0/0.0.0.0 acl all src 0.0.0.0/0.0.0.0 #http_access allow allowed_hosts http_access allow allowed_hosts pippo icp_port 0 redirect_rewrites_host_header off emulate_httpd_log on log_fqdn on logfile_rotate 4 access_log /usr/local/squid/var/logs/access.log cache_log /usr/local/squid/var/logs/cache.log cache_store_log /usr/local/squid/var/logs/store.log never_direct allow all I'm using 'tce' as local squid authentication and alberto.dondana as OWA basic authentication. What happens: two authentication level seems working fine, but immediately my reverse proxy start sending OWA one packet with right user 'alberto.dondana', the second with wrong user 'tce', then 'right user again and so on... as seen in access.log below: 10.10.145.1 - alberto.dondana [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange <https://dondy.tc-express.it/exchange> HTTP/1.1" 401 2805 TCP_DENIED:NONE 10.10.145.1 - tce [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange <https://dondy.tc-express.it/exchange> HTTP/1.1" 401 412 TCP_MISS:FIRST_UP_PARENT 10.10.145.1 - alberto.dondana [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange <https://dondy.tc-express.it/exchange> HTTP/1.1" 401 2805 TCP_DENIED:NONE 10.10.145.1 - tce [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange <https://dondy.tc-express.it/exchange> HTTP/1.1" 401 412 TCP_MISS:FIRST_UP_PARENT 10.10.145.1 - alberto.dondana [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange <https://dondy.tc-express.it/exchange> HTTP/1.1" 401 2805 TCP_DENIED:NONE 10.10.145.1 - tce [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange <https://dondy.tc-express.it/exchange> HTTP/1.1" 401 412 TCP_MISS:FIRST_UP_PARENT 10.10.145.1 - alberto.dondana [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange <https://dondy.tc-express.it/exchange> HTTP/1.1" 401 2805 TCP_DENIED:NONE 10.10.145.1 - tce [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange <https://dondy.tc-express.it/exchange> HTTP/1.1" 401 412 TCP_MISS:FIRST_UP_PARENT 10.10.145.1 - alberto.dondana [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange <https://dondy.tc-express.it/exchange> HTTP/1.1" 401 2805 TCP_DENIED:NONE 10.10.145.1 - tce [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange <https://dondy.tc-express.it/exchange> HTTP/1.1" 401 412 TCP_MISS:FIRST_UP_PARENT 10.10.145.1 - alberto.dondana [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange <https://dondy.tc-express.it/exchange> HTTP/1.1" 401 2805 TCP_DENIED:NONE 10.10.145.1 - tce [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange <https://dondy.tc-express.it/exchange> HTTP/1.1" 401 412 TCP_MISS:FIRST_UP_PARENT I emulated the same behaviour in my pc (Fedora C5) If I'm using pam and locally in squid server I added a user with same credentials of OWA one (but I use a different user for first squid authentication) every works well.. Any ideas? Thanks Alberto
