On 11/01/11 08:16, Brian J. Murrell wrote:
I have the following configured for authentication in my squid 3.1.1 server:
auth_param negotiate program /usr/lib/squid3/squid_kerb_auth
auth_param negotiate children 10
auth_param negotiate keep_alive on
auth_param basic program /usr/lib/squid3/pam_auth
auth_param basic children 3
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
Which works just fine in my all-linux-and-firefox-and-chromium network.
Every now and then though a Windows (7) user comes into the network and for
whatever reason proxy authentication doesn't work on those nodes.
My guess is that windows is trying to do Negotiate authentication but squid is
not able to understand what it's sending. Am I close? Any solutions?
Try to upgrade to 3.1.10. 3.1.1 is outdated with several security
vulnerabilities now. You might also try 3.2 beta release and see if the
updated auth handling there is any better for you.
Either way check the logs and try to track down exactly whether and how
the auth is failing. Guesses are not good enough sorry.
In order for auth to fail completely with that config one or more of
these must be happening:
* BOTH Negotiate and Basic protocols fail
* or, the browser fails to try the available alternatives when one breaks
* or, the browser continually sends the wrong credentials and gets
rejected
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.10
Beta testers wanted for 3.2.0.4
