I am running 2.5.STABLE2 with squid-2.5.STABLE2-concurrent_external_acl.patch This did not work without the conncurrent_external_acl.patch either.
I am having trouble using cache_peer_access with groups and NTLM. This works perfectly with Mozilla and Basic auth but not with NTLM (IE6 or IE5.5). Sometimes the page comes up with broken images and sometimes I get "Unable to forward this request at this time." It seems that it is failing to pick a cache_peer. I turned on some debug_options and it appears that the auth info is lost at some point when using NTLM. It works ... 2003/03/24 13:56:04| aclCheckFast: list: 0x821a6d0 2003/03/24 13:56:04| aclMatchAclList: checking Staff 2003/03/24 13:56:04| aclMatchAcl: checking 'acl Staff external nt_group Staff' 2003/03/24 13:56:04| aclMatchExternal: acl="nt_group" 2003/03/24 13:56:04| authenticateAuthenticate: header NTLM TlRMTVNTUAADAAAAGAAYAF....[snip].... 2003/03/24 13:56:04| authenticateAuthenticate: This is a new checklist test on FD:-1 2003/03/24 13:56:04| authenticateAuthUserRequestLock auth_user request '0x87087a0'. 2003/03/24 13:56:04| authenticateAuthUserRequestLock auth_user request '0x87087a0' now at '3'. 2003/03/24 13:56:04| authenticateValidateUser: Validating Auth_user request '0x87087a0'. 2003/03/24 13:56:04| authenticateValidateUser: Validated Auth_user request '0x87087a0'. 2003/03/24 13:56:04| authenticateAuthUserRequestUnlock auth_user request '0x87087a0'. 2003/03/24 13:56:04| authenticateAuthUserRequestUnlock auth_user_request '0x87087a0' now at '2'. 2003/03/24 13:56:04| aclMatchExternal: nt_group = 1 2003/03/24 13:56:04| aclMatchAclList: returning 1 and then moments later it doesn't ... 2003/03/24 13:56:04| aclCheckFast: list: 0x821a6d0 2003/03/24 13:56:04| aclMatchAclList: checking Staff 2003/03/24 13:56:04| aclMatchAcl: checking 'acl Staff external nt_group Staff' 2003/03/24 13:56:04| aclMatchExternal: acl="nt_group" 2003/03/24 13:56:04| authenticateValidateUser: Validating Auth_user request '0x0'. 2003/03/24 13:56:04| authenticateValidateUser: Auth_user_request was NULL! 2003/03/24 13:56:04| authenticateAuthenticate: broken auth or no proxy_auth header. Requesting auth header. 2003/03/24 13:56:04| aclMatchAcl: returning 0 sending authentication challenge. 2003/03/24 13:56:04| aclMatchExternal: nt_group user not authenticated (0) 2003/03/24 13:56:04| aclMatchAclList: returning 0 Here are the important bits of my squid.conf debug_options ALL,1 28,9 29,9 44,9 3,9 54,9 82,9 84,9 72,9 auth_param ntlm program /usr/local/libexec/wb_ntlmauth auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param basic program /usr/local/libexec/wb_auth auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours external_acl_type nt_group %LOGIN /usr/local/libexec/wb_group.sh acl all src 0.0.0.0/0.0.0.0 acl password proxy_auth REQUIRED miss_access allow all never_direct allow all acl Proxy1 external nt_group Proxy1 acl Staff external nt_group Staff http_access deny !password http_access allow Staff http_access allow Proxy1 http_access deny all cache_peer 127.0.0.1 parent 8081 0 proxy-only no-query cache_peer_access 127.0.0.1 allow Proxy1 cache_peer_access 127.0.0.1 deny !Proxy1 cache_peer 127.0.0.2 parent 8082 0 proxy-only no-query cache_peer_access 127.0.0.2 allow Staff cache_peer_access 127.0.0.2 deny !Staff Thanks in advance.
