Search squid archive

Re: Re: fakeauth_auth for logging on Ubuntu builds

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

rscho wrote:

Thanks Amos,

Yes, you're correct we are using the the version built by Acme, I thought
the two were the same.

I think you're correct about my misconception as to the way fakeauth works
as well. You say the silent part comes from the browser being able to fetch
NTLM credentials from the OS? In our case both IE and Mozilla browsers can
retrieve this information when their proxy is set to the existing Windows
Squid (no popup appears) but when the proxy is set to the Ubuntu Squid a
popup always appears regardless of the Squid authenticator we're using. When
you say "It only becomes a popup when the
browser sends invalid credentials and gets challenged to supply valid ones",
it suggests that the authenticators we're using initially receive invalid
credentials but then approve them because after popup appears and the user
supplies them (even if they're rubbish) it "authenticates" them and allows
browsing.

I don't understand why the initial request from the browser to the proxy
fails but after refreshing the page a popup appears, values are entered and
browsing is permitted. Do you have any thoughts on this?

Thanks for your perl link, although it doesn't seem to work where the other
two do. I'm using it like this:
auth_param basic program /usr/bin/perl /etc/squid3/no_check.pl # A perl authenticator #auth_param basic program /etc/squid3/GetUserID # A 'C' authenticator 
#auth_param basic program /usr/bin/php /etc/squid3/PHP_Check.php           #
A php authenticator
auth_param basic children 5
auth_param basic realm XYZ
.
.
Is this correct? It asks for credentials 3 times and whether correct or not
eventually fails. Using auth_param ntlm..... doesn't work at all.
fakeauth_auth is an NTLM protocol auth helper. Which is why I replied with the no_check.pl one. They do exactly the same things which are not the same as Basic protocol auth.
Since it does not work when configured with NTLM there is something else going on. Check your persistent connections are all turned on in Squid. If its not that then something in the browsers retrieval may be going wrong. 

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.5
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux