I did a test setting the parameter keep_alive to off in auth_param negotiate. It worked... A question: Is there any problem on keeping the keep_alive parameter off? 2013/4/3 Pavel Bychykhin <bychykhin.p.n@xxxxxxxxx>: > I had a similar problem solved it by running a two instance of Squid. > The first instance uses the negotiate_wrapper for GSSAPI and NTLM helpers. > The second one uses basic and digest schemes. > As i understand it, the fact is that the browsers themselves choose what > kind scheme to use. > I.e., one browser would prefer the negotiate scheme than basic. > Another browser would use the scheme that is first in the list. > > > 02.04.2013 21:39, Alípio Luiz пишет: > >> I have squid configured with kerberos (squid_kerb_auth) to >> authenticate users against Active Directory. The SSO is working well >> for users logged on domain... >> >> For users out of domain, I configured squid_ldap_auth + >> squid_ldap_group. However, the authentication only work after the >> third try of user... >> >> Is there a way to fix that? I want that users put their credentials >> just one time to authentication... >> Our OS is Windows XP and Windows 7.. both with EI9 + Firefox + Chrome >> >> May you help me? >> Thanks in advance... >> >> Bellow is what I have in squid.conf (section about authentication): >> ######################################################### >> auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d -s >> HTTP/server.domain.local >> auth_param negotiate children 10 >> auth_param negotiate keep_alive on >> >> auth_param basic program /usr/lib/squid3/squid_ldap_auth -R -b >> "dc=domain,dc=local" -D squid@DOMAIN.LOCAL -w "@mypass" -f >> sAMAccountName=%s -h server.domain.local -d >> auth_param basic children 5 >> auth_param basic realm Internet Authentication >> auth_param basic credentialsttl 2 hours >> auth_param basic keep_alive off >> >> external_acl_type memberof %LOGIN /usr/lib/squid3/squid_ldap_group -R >> -K -b "dc=domain,dc=local" -D squid@DOMAIN.LOCAL -w "@mypass" -f >> "(&(objectclass=person)(sAMAccountName=%v)(memberof=$ >> >> acl INTERNET_Perfil_Avancado external memberof INTERNET_Perfil_Avancado >> acl INTERNET_Perfil_Basico external memberof INTERNET_Perfil_Basico >> acl INTERNET_Perfil_Padrao external memberof INTERNET_Perfil_Padrao >> acl INTERNET_Perfil_Padrao_Sociais external memberof >> INTERNET_Perfil_Padrao_Sociais >> >> acl auth proxy_auth REQUIRED >> ######################################################### >> -- >> Alípio Luiz [Squidy] | Brasil - Cuiabá/MT >> Email/GTalk: alipio.luiz [arroba] gmail.com >> Skype: alipio.luiz >> Linux User #251497 >> > > -- > Best regards, > Pavel -- Alípio Luiz [Squidy] | Brasil - Cuiabá/MT Email/GTalk: alipio.luiz [arroba] gmail.com MSN: alipio.luiz [arroba] hotmail.com Skype: alipio.luiz Linux User #251497
