I am running Squid2.6 stable running on Win2003 I have a stable config running with 120+ WinXP boxes and 130+ users. I have 3 Mac OSX workstations that like the XP workstations are setup with manual proxy settings. My problem is that Mac users are getting prompt every 15-20 meeting for authentication again. They are able to surf but are getting errors on RSS streams and WebDav. XP users are getting authenticated via NTLM. My config auth_param ntlm program e:/squid/libexec/mswin_ntlm_auth.exe auth_param ntlm children 5 auth_param ntlm max_challenge_lifetime 600 minutes auth_param ntlm keep_alive on external_acl_type win_domain_group ttl=120 %LOGIN e:/squid/libexec/mswin_check_lm_group.exe -G acl ProxyUsers external win_domain_group ProxyAccess acl NoProxyUsers external win_domain_group NoProxyAccess acl password proxy_auth REQUIRED http_access allow password ProxyUsers acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow !Safe_ports http_access allow localhost cache_mgr eric.young@xxxxxxxxxx httpd_suppress_version_string on visible_hostname Tullys via off forwarded_for off log_icp_queries off client_db off http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny all icp_access allow all http_port x.x.x.x:8002 cache_dir ufs e:/squid/var/cache 3000 16 256 access_log e:/squid/var/logs/access.log common cache_log e:/squid/var/logs/cache.log cache_store_log e:/squid/var/logs/store.log pid_filename e:/squid/var/logs/squid.pid debug_options ALL,1 33,2 unlinkd_program e:/squid/libexec/unlinkd.exe refresh_pattern ^http://.*\.gif$ 1440 50% 20160 reload-into-ims refresh_pattern ^http://.*\.asis$ 1440 50% 20160 refresh_pattern -i \.png$ 10080 150% 40320 reload-into-ims refresh_pattern -i \.jpg$ 10080 150% 40320 reload-into-ims refresh_pattern -i \.bmp$ 10080 150% 40320 reload-into-ims refresh_pattern -i \.gif$ 10080 300% 40320 reload-into-ims refresh_pattern -i \.ico$ 10080 300% 40320 reload-into-ims refresh_pattern -i \.swf$ 10080 300% 40320 reload-into-ims refresh_pattern -i \.flv$ 10080 300% 40320 reload-into-ims refresh_pattern -i \.rar$ 10080 150% 40320 refresh_pattern -i \.ram$ 10080 150% 40320 refresh_pattern -i \.txt$ 1440 100% 20160 reload-into-ims override-lastmod refresh_pattern -i \.css$ 1440 60% 20160 refresh_pattern ^http:// 1 100% 20160 reload-into-ims ignore-reload refresh_pattern ^ftp:// 240 50% 20160 refresh_pattern ^gopher:// 240 40% 20160 refresh_pattern /cgi-bin/ 0 0% 30 refresh_pattern . 0 100% 20160 reload-into-ims acl apache rep_header Server ^Apache broken_vary_encoding allow apache icp_port 3130 htcp_port 4827 icon_directory e:/squid/share/icons error_directory e:/squid/share/errors/English coredump_dir e:/squid/var/cache Eric Young Senior Network Engineer Tully's Coffee Corporation 206.695.6504
