Search squid archive

problem with authentication with 3.0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




   Hello Guys,

I have 2 boxes, one running squid 3.0-stable5 and other 3.0-stable6. Both hand compiled for enabling ldap authentication helpers.

I got ldap authentication running successfully on both boxes, there's no problem on that.

the problem is when i issued the 'transparent' option to my http_port parameter.

Yes i know i cannot have authentication on transparent intercepted requests, i know that. My idea of enabling transparent on that port was to allow, without authentication, some antivirus and Windows Update stuff (and some other special URLs which would be exceptions to my auth rules). Sometimes these things (antivirus updates, Windows Update, antispyware updates, etc etc) seems to not use the IE proxy settings. I would like to allow some special URLs without authentication and then got everything authenticated with LDAP as it was working.

This works fine in 2.5 which i was running until last month, just to let you know. I could enable the transparent parameters and still have authentication running.

Altough, on squid 3.0 (stable5 and stable6 tested), despite the fact i'm sure that my ldap configuration is running fine, when i add the 'transparent' option to the http_port, my authentication simply stop working and i got cache.log filled with:

2008/05/21 11:48:18| ACHChecklist::authenticated: authentication not applicable on transparently intercepted requests. 2008/05/21 11:48:18| ACHChecklist::authenticated: authentication not applicable on transparently intercepted requests. 2008/05/21 11:48:18| ACHChecklist::authenticated: authentication not applicable on transparently intercepted requests. 2008/05/21 11:48:18| ACHChecklist::authenticated: authentication not applicable on transparently intercepted requests. 2008/05/21 11:48:18| ACHChecklist::authenticated: authentication not applicable on transparently intercepted requests.

and lots of TCP_DENIED/403 on access.log, showing requests are all being denied.

it seems to be that when transparent option is enabled, squid assumes ALL requests received are transparently intercepted, which is NOT true. Simply removing the transparent from http_port make things works again (ldap authentication), which proves my browsers do have the proxy settings correctly configured.

is this transparent option/authentication behavior i noticed is expected, or it seems to be a bug ??

if this is somehow expected, i was thinking on having two http_port, one with transparent and other not. The one with transparent would be used on my iptables transparent proxy rules, and the non-transparent port would be used for configuring browsers. That way i think i can acchieve what i want.

if this behavior i noticed is not expected, then i think we got a bug here ..... even with 3.0 stable 6 which was released some days ago.

--


	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	Minha armadilha de SPAM, NÃO mandem email
	gertrudes@xxxxxxxxxxxxxx
	My SPAMTRAP, do not email it






[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux