Hello, I'm using squid_kerb_ldap (via external_acl_type) to authenticate via kerberos and authorize access via ldap groups. This seems to work. Partly anyway. My problem is: Most of the traffic is authorized as shown in the access.log file which shows GETs and CONNECTs using the respective kerberos id (user@DOMAIN) but some GETs and CONNECTs lack that kerberos id (-) and consequently fail (TCP_DENIED). I tested if an earlier ACL might prevent those transfers from being allowed by inserting an ACL right before the external_acl_type to allow all transfers from the host I was using. This didn't show any TCP_DENIEDs. I also wondered if the browser could be at fault (not requesting each GET with the respective kerberos id) so I changed from Firefox to Chromium. The behaviour was identical. Can anyone think of a reason for this behaviour or another way to debug for the cause?
