Dear all,
I'm facing a strange problem using squid 3.5.20 with ntlm transparent authentication.
I cannot use kerberos auth because I need to pass DOMAIN\user to my parent proxy with the x-authenticated-user header, and the form USERNAME@DOMAIN is not supported.
Users can surf the web without problems but, sometimes, they receive a credential request popup from the browser (Explorer, Edge, Mozilla and Chrome, it does not matter).
auth_param ntlm program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 300 startup=200 idle=10 concurrency=0
auth_param ntlm keep_alive on
auth_param basic program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 25 startup=15 idle=5 concurrency=0
auth_param basic realm PROXY AUTHORIZATION REQUIRED
auth_param basic credentialsttl 30 minutes
authenticate_cache_garbage_interval 1 hours
authenticate_ttl 30 minutes
authenticate_ip_ttl 30 minutes
I migrated from squid 2.6.x and, with a similar configuration, the credentials request was displayed only when the password was expired.
In this situation, users must click on the abort button many times to restore a good situation, but I cannot understand why the request popup appears suddenly.
Is this a credentials cache timeout problem (authenticate_ttl 30 minutes)?
Is this a problem in the browser?
Is this a communication problem between squid and Active Directory?
I would like to understand why, so I need advice on how to start debugging and find a solution.
Any help will be much appreciated.
Best Regards.
Giulius.