Digest auth doesn't work anymore

Version:
ii  squid3              3.0.STABLE2-1       A full featured Web Proxy cache (HTTP proxy)

The Problem: Digest auth doesn't work anymore
The users aren't even being asked for a username/password. All they
get is a rejection page (access denied). In the log I get:

1205999382.801      0 172.19.32.82 TCP_DENIED/407 2813 GET http://www.google.de/ - NONE/- text/html
1205999384.457      0 172.19.32.82 TCP_DENIED/407 2813 GET http://www.google.de/ - NONE/- text/html
1205999385.320      0 172.19.32.82 TCP_DENIED/407 2813 GET http://www.google.de/ - NONE/- text/html
1205999386.409      0 172.19.32.82 TCP_DENIED/407 2813 GET http://www.google.de/ - NONE/- text/html
1205999387.455      0 172.19.32.82 TCP_DENIED/407 2813 GET http://www.google.de/ - NONE/- text/html
1205999388.167      0 172.19.32.82 TCP_DENIED/407 2813 GET http://www.google.de/ - NONE/- text/html
1205999389.011      0 172.19.32.82 TCP_DENIED/407 2813 GET http://www.google.de/ - NONE/- text/html

My config:

------- snip ------
http_port 3128
cache_peer 127.0.0.1 parent   3129  0      no-query default
	   
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_access_log /var/log/squid/access-wlan.log
cache_log none
cache_store_log none
pid_filename /var/run/squid-wlan.pid
hosts_file /etc/hosts
auth_param digest program /usr/lib/squid3/digest_pw_auth /etc/squid/wlan-proxyauth.digest
auth_param digest children 10
auth_param digest realm Hualp!
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 50
auth_param digest post_workaround on
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern .		0	20%	4320
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563	# https, snews
acl SSL_ports port 873		# rsync
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443 563	# https, snews
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl Safe_ports port 631		# cups
acl Safe_ports port 873		# rsync
acl Safe_ports port 901		# SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
acl to_internal_networks dst 10.0.0.0/8 141.42.0.0/16 160.45.172.0/255.255.252.0 160.45.176.0/255.255.240.0 160.45.192.0/255.255.240.0 172.16.0.0/255.240.0.0 192.168.0.0/16 193.175.64.0/255.255.248.0 
acl to_dmz dst 193.175.72.0/24 193.175.74.0/24 141.42.4.0/26 141.42.4.64/26 141.42.4.128/26 141.42.4.192/26
acl to_webmail dst webmail.charite.de
acl to_zugang dst zugang.charite.de
http_access allow to_webmail
http_access allow CONNECT to_webmail
http_access allow to_zugang
http_access allow CONNECT to_zugang
http_access deny to_internal_networks
http_access deny CONNECT to_internal_networks
acl digestauthentifizierung proxy_auth REQUIRED
http_access allow digestauthentifizierung
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname wlan-proxy.charite.de
always_direct allow CONNECT SSL_ports
never_direct  allow all
error_directory /usr/share/squid3/errors/German
snmp_port 0
coredump_dir /var/spool/squid
------- snip ------

/etc/squid/wlan-proxyauth.digest contains:
st51:CVK

Testing the authenticator:

# su - proxy
$ /usr/lib/squid3/digest_pw_auth /etc/squid/wlan-proxyauth.digest
"st51":"CVK"
6247d0eea64cfb87a71ab2d65de99a6d
"st51":"bullshit"
483cffce047c51d30070337fea523369

(What does that H(A1) value tell me??)

-- 
Ralf Hildebrandt (i.A. des IT-Zentrums)         Ralf.Hildebrandt@xxxxxxxxxx
Charite - Universitätsmedizin Berlin            Tel.  +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin    Fax.  +49 (0)30-450 570-962
IT-Zentrum Standort CBF                 send no mail to snickebo@xxxxxxxxxx
