Hello Markus,

It turns out it was an issue with IPv6. I recompiled and that fixed the problem.

Thanks for getting back!

Best,
Mark

On Tue, Aug 17, 2010 at 3:39 PM, Markus Moeller <huaraz@xxxxxxxxxxxxxxxx> wrote:
> Can you run both squid_kerb_ldap and squid_kerb_auth with -d? It should give
> a lot more details to find out why it happens.
>
> Markus
>
> "Mark deJong" <dejongm@xxxxxxxxx> wrote in message
> news:AANLkTikvdJu6+ysyWkDN7VxYzYTS4RtDJGF7ccNzmqyb@xxxxxxxxxxxxxxxxx
>>
>> Hello,
>> I'm having an issue with squid_kerb_auth. It seems not all proxy
>> requests are getting serviced. When falling back on NTLM the requests
>> come through fine.
>>
>> My guess is subsequent GET requests made over Proxy_KeepAlive sessions
>> are not getting serviced. I confirmed this on a trace using Wireshark
>> where the client requests a page but Squid doesn't come back with an
>> answer. Is this a known issue?
>>
>> I'm currently running squid3-3.1.6 and have seen this behavior both
>> with the included squid_kerb_auth and a separately compiled binary.
>>
>> squid.conf follows:
>>
>> http_port 8080
>> hierarchy_stoplist cgi-bin ?
>> acl QUERY urlpath_regex cgi-bin \?
>> acl apache rep_header Server ^Apache
>> logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st
>> "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
>>
>> access_log /var/log/squid/access.log combined
>>
>> auth_param negotiate program /usr/libexec/squid/squid_kerb_auth -d -s
>> HTTP/dc32-wgw01.nix.DOM.LOCAL@xxxxxxxxxxxxxx
>> auth_param negotiate children 30
>> auth_param negotiate keep_alive on
>>
>> auth_param ntlm program /usr/bin/ntlm_auth
>> --helper-protocol=squid-2.5-ntlmssp
>> auth_param ntlm children 30
>> auth_param ntlm max_challenge_reuses 0
>> auth_param ntlm max_challenge_lifetime 2 minutes
>> auth_param ntlm use_ntlm_negotiate on
>>
>> external_acl_type AD_US_TEMPS ttl=3600 negative_ttl=3600 %LOGIN
>> /usr/bin/squid_kerb_ldap -d -g temps@xxxxxxxxxxxx
>> external_acl_type AD_US_ITDEPT ttl=3600 negative_ttl=3600 %LOGIN
>> /usr/bin/squid_kerb_ldap -d -g ITDept@xxxxxxxxxxxx
>>
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern . 0 20% 4320
>>
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/32
>> acl to_localhost dst 127.0.0.0/8
>>
>> acl firefox_browser browser Firefox
>>
>> acl UnrestrictedUsers external AD_US_ITDEPT
>> acl TempUsers external AD_US_TEMPS
>> acl AuthorizedUsers proxy_auth REQUIRED
>>
>> acl hq-dmz src 10.50.192.0/24
>> acl hq-servers src 10.50.64.0/23 10.50.4.0/24
>> acl hq-services src 10.50.8.0/24 10.50.2.0/24
>> acl hq-dev src 10.50.66.0/24
>>
>> acl ie_urls dstdomain "/etc/squid/ie_urls.allow"
>>
>> acl service_urls dstdomain "/etc/squid/service_urls.allow"
>> acl dev_urls dstdomain "/etc/squid/dev_urls.allow"
>> acl hq-servers_urls dstdomain "/etc/squid/servers_urls.allow"
>> acl temp_urls dstdomain "/etc/squid/temp_urls.allow"
>>
>> acl SSL_ports port 443
>> acl CONNECT method CONNECT
>>
>> http_access allow manager localhost
>> http_access deny manager
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>>
>> http_access allow hq-servers hq-servers_urls
>> http_access deny hq-servers
>>
>> http_access allow hq-services service_urls
>> http_access deny hq-services
>>
>> http_access allow hq-dev dev_urls
>> http_access deny hq-dev
>>
>> http_access allow TempUsers temp_urls
>> http_access deny TempUsers all
>>
>> http_access allow UnrestrictedUsers
>> http_access deny UnrestrictedUsers all
>>
>> http_access deny !AuthorizedUsers
>> http_access allow all
>> http_access deny all
>>
>> http_reply_access allow all
>> icp_access allow all
>> cache_mgr support@xxxxxxxxx
>> coredump_dir /var/spool/squid
>>
>> Thanks,
>> M. de Jong