I have squid configured with kerberos (squid_kerb_auth) to authenticate users against Active Directory. The SSO is working well for users logged on domain... For users out of domain, I configured squid_ldap_auth + squid_ldap_group. However, the authentication only work after the third try of user... Is there a way to fix that? I want that users put their credentials just one time to authentication... Our OS is Windows XP and Windows 7.. both with EI9 + Firefox + Chrome May you help me? Thanks in advance... Bellow is what I have in squid.conf (section about authentication): ######################################################### auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d -s HTTP/server.domain.local auth_param negotiate children 10 auth_param negotiate keep_alive on auth_param basic program /usr/lib/squid3/squid_ldap_auth -R -b "dc=domain,dc=local" -D squid@DOMAIN.LOCAL -w "@mypass" -f sAMAccountName=%s -h server.domain.local -d auth_param basic children 5 auth_param basic realm Internet Authentication auth_param basic credentialsttl 2 hours auth_param basic keep_alive off external_acl_type memberof %LOGIN /usr/lib/squid3/squid_ldap_group -R -K -b "dc=domain,dc=local" -D squid@DOMAIN.LOCAL -w "@mypass" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=$ acl INTERNET_Perfil_Avancado external memberof INTERNET_Perfil_Avancado acl INTERNET_Perfil_Basico external memberof INTERNET_Perfil_Basico acl INTERNET_Perfil_Padrao external memberof INTERNET_Perfil_Padrao acl INTERNET_Perfil_Padrao_Sociais external memberof INTERNET_Perfil_Padrao_Sociais acl auth proxy_auth REQUIRED ######################################################### -- Alípio Luiz [Squidy] | Brasil - Cuiabá/MT Email/GTalk: alipio.luiz [arroba] gmail.com Skype: alipio.luiz Linux User #251497
