put keep at off but no change.
I don't think's that it's malware, it's not all time the same username
today, 5 new usernames with the same problems between 13:20 and 16:15
i don't understand the problems :<
2016-03-30 12:56 GMT+02:00 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
On 30/03/2016 9:40 p.m., Olivier CALVANO wrote:
> Hi
>
> I use:
>
> ## negotiate kerberos and ntlm authentication
> auth_param negotiate program /usr/local/bin/negotiate_wrapper --ntlm
> /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp
> --kerberos /usr/lib64/squid/squid_kerb_auth -d -s GSS_C_NO_NAME
> auth_param negotiate children 100 startup=10 idle=1
> auth_param negotiate keep_alive on
>
> ## Module d'authentification NTLM
> auth_param ntlm program /usr/bin/ntlm_auth --diagnostics
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 100 startup=10 idle=1
> auth_param ntlm keep_alive on
Try with "keep_alive off" on both of those auth methods. This does not
conflict with connection keep-alive in genral, just closes the
connection at a very specific time in the auth handshake. Without that
certain IE and Firefox can have problems authenticating properly.
Given that the client waited 20 minutes for those WU requests to happen
I doubt it is an actual user. Probably an automated WU background
process doing its thing while they happen to be logged in. Which means
the IE behaviour is relevant.
The yahoo.fr request being 1 hr long is very odd though. That is
something I'd expect to see from a real person user. But not waiting an
hour for. Could they be infected with some toolbar malware?
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
