[squid-users] Password prompt pops up when using NTLM authenticator

[Claudio Alonso]

Hi, I've been using squid 2.5-STABLE2 with NTLM authentication in my company 
for a few months, and I'm having a persistent problem which I can't fix. May 
be you can give me a clue.
The users are logged into the domain and are browsing through squid with IE. 
Most of the time they don't have any problem, but some times a password 
prompt pops up.
Is this a normal behaviour?
When that happens, sometimes (not always) this password prompt keeps poping 
up and don't let these users browse the web. In these cases I can only fix 
it restarting squid.
For a complete information I'm sending you some fragments of my squid.conf 
file.
Thanks in advance,

--Claudio

===================squid.conf file fragments=====================
http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
ftp_user anonymous@
auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
auth_param ntlm children 15
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/local/squid/libexec/wb_auth
auth_param basic children 15
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
request_body_max_size 1 MB
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl server3 snmp_community comuni3
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1863        # MSN
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 5050
acl Safe_ports port 5190
acl CONNECT method CONNECT
acl domusers proxy_auth REQUIRED
acl negados url_regex "/usr/local/squid/etc/sitios-denegados"
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny negados
http_access allow domusers
http_access deny all
http_reply_access allow all
icp_access allow all
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
snmp_access allow server3
_________________________________________________________________
Charla con tus amigos en l�nea mediante MSN Messenger: 
http://messenger.yupimsn.com/