Hi Amos;
Thanks you for this complete response.
You're true, I have to upgrade my Debian :) soon !
For the conf, I have put this value in my squid.conf
auth_param ntlm keep_alive off
auth_param negotiate keep_alive off
but it seems it's not working (one user have call me).... to be sure,
i'm waiting more user's return.
Alex
Le 01/07/2015 13:58, Amos Jeffries a écrit :
On 1/07/2015 8:55 p.m., Alexandre Magnat wrote:
Hello,
I use Squid3 (3.1.20)
Please upgrade.
with Squidguard filtering linked with an user 's
authentication on a OpenLDAP.
But, recurrently, Firefox, Thunderbird, Chrome (certainly IE) ask again
frequently the login and password in a popup.
It seem, the popup authentication appear when the browser try a request
on a CONNECT method like this:
172.16.1.215 - - [01/Jul/2015:10:40:18 +0200] "CONNECT
fhr.data.mozilla.com:443 HTTP/1.1" 407 3812 TCP_DENIED:NONE
or like this:
172.16.1.207 - - [01/Jul/2015:10:39:40 +0200] "CONNECT
safebrowsing.google.com:443 HTTP/1.1" 407 3824 TCP_DENIED:NONE
1) no credentials were presented. Thus 407 - Auth required.
OR
2) credentials presented were rejected by the auth system. Thus 407 -
Auth requires different credentials (or scheme).
OR
3) NTLM or Negotiate handshake underway. Thus 407 - Auth requires
handshake completion.
But, I think, I have configured correctly Squid3 for accept this kind of
request:
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
Those lines have nothing to do with auth. They are for rejecting non-
port 443 connection attempts.
It's a boring problem for my user to have 4 or 5 times per day this kind
of popup :-(
Anybody have an idea for helping me to resolve this ?
Firefox and Thunderbird it may be
<https://bugzilla.mozilla.org/show_bug.cgi?id=318253>. I'm not sure how
long it will take Mozilla to get a fixed version of their software out.
At least they have now finally found the problem.
Chrome and IE may have similar issues. They all tend to copy each others
behaviour with things like this.
Meanwhile there is a workaround that should work - add whichever is
relavant to your config:
auth_param ntlm keep_alive off
auth_param negotiate keep_alive off
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
