On 20/01/2017 2:37 a.m., Eduardo Carneiro wrote: > Hi everyone. > > I have a environment with one frontend server and three parent servers in > culster. The frontend server receives all client connections and forward > them to parent servers. There is no exist any authentication method in the > frontend server. In the parent servers the requests are authenticated via > KERBEROS. > > The problem is, when there are simultaneous accesses to any site, usernames, > many times, are inserted incorrectly in the access.log. Per example, the > user "userA" accesses microsoft.com, but on access.log, shows "userB". > > On the frontend server, there are these three lines: > > cache_peer server1.domain.com parent 8080 3130 round-robin sourcehash > no-query login=PASSTHRU connection-auth=on > cache_peer server2.domain.com parent 8080 3130 round-robin sourcehash > no-query login=PASSTHRU connection-auth=on > cache_peer server3.domain.com parent 8080 3130 round-robin sourcehash > no-query login=PASSTHRU connection-auth=on Please start by selecting one of round-robin and sourcehash. They are very different selection algorithms. Given that Kerberos auth requires HTTP/1 multiplexing to be disabled for the auth to work I suggest that you drop the round-robin. It forces multiplexing to be used. If the problem still remains try adding the connection-auth=on to those Squid's listening ports as well. > > I noticed that when the access is direct to some parent server, this problem > do not occurs. Only if connection pass by frontend. > > Is this a bug? > Maybe. What version of Squid are you using? This was a problem back in 3.2 and older IIRC. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
