Hello All, Squid version: Squid 3.0 STABLE 15 OpenLdap version: 2.4.11 I'm using "digest_ldap_auth" with "Open Ldap" combination for Digest Authentication. It works well, but some users got authentication failed. I'm able to get the valid hash from the LDAP server through the command line, # echo '"myuserid":"my realm"'|/usr/local/squid/libexec/digest_ldap_auth -b "dc=mydomain,dc=example,dc=com" -u "uid" -A "l" -D "cn=replicareader,dc=mydomain,dc=example,dc=com" -W "/etc/digestreader_cred" -e -v 3 -h ldapserver.mydomain.example.com -p 389 -s sub -F "(&(objectclass=*)(uid=%s))" 56a4163324124a2ef86822eadf80ff53 I also verified the hash value manually from the below URL which is also matched perfectly. http://wiki.squid-cache.org/KnowledgeBase/LdapBackedDigestAuthentication Note that I'm running FIVE squid servers. I successfully authenticated with 2nd proxy server using the same user account which got failed with the first proxy server. Squid returning the TCP_DENIED/407 response to the client. Same userid is working when I do restart squid (even reconfigure doesn't help), but I feel it is never be a right way. After the successful restart, some other accounts are not working. See the squid Digest authentication configuration lines below, auth_param digest program /usr/local/squid/libexec/digest_ldap_auth -b "dc=mydomain,dc=example,dc=com" -u "uid" -A "l" -D "cn=replicareader,dc=mydomain,dc=example,dc=com" -W "/etc/digestreader_cred" -e -v 3 -h ldapserver.mydomain.example.com -p 389 -s sub -F "(&(objectclass=*)(uid=%s))" auth_param digest children 5 auth_param digest realm My Realm auth_param digest nonce_garbage_interval 480 minutes auth_param digest nonce_max_duration 30 minutes auth_param digest nonce_max_count 50 auth_param digest check_nonce_count on I hope somebody may faced this issue. Any help would be greatly appreciated. Thanks in advance. Thanks and Regards, Sankar.M
