We are running Squid Cache: Version 2.5.STABLE1 configure options: --enable-auth=ntlm,basic --enable-ntlm-auth-helpers=winbind --enable-basic-auth-helpers=winbind --enable-delay-pools
When we activate delay pools users stop authenticating with the domain and a error appear in the client browser saying couldn�t retrieve the page and the domain\user never appear in the access.log. EX: 1077921626.547 0 x.x.x.x TCP_DENIED/407 1642 GET http://www.hotmail.com/ - NONE/- text/html Without delay pools all work fine and we can see domain\user in the access.log. EX: 1077931310.377 232 x.x.x.x TCP_MISS/200 9406 GET http://www.google.com.ar/intl/es_ALL/images/directory_hp.gif domain\user FIRST_PARENT_MISS/127.0.0.1 image/gif What are we doing wrong??? RGDS Here are a extract of the squid.conf auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth -d auth_param ntlm children 50 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 81 # http acl Safe_ports port 85 acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-1074 # unregistered ports acl Safe_ports port 1076-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl localnet proxy_auth REQUIRED acl user_delay_2048 proxy_auth REQUIRED #I probe "acl user_delay_2048 proxy_auth -i domain\user" acl user_delay_4096 proxy_auth REQUIRED #I probe "acl user_delay_2048 proxy_auth -i domain\user" no_cache deny all http_access allow localhost http_access allow manager localhost http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localnet http_access allow user_delay_2048 #I probe removing this line http_access allow user_delay_4096 #I probe removing this line http_access deny all # Comment out previous line, and uncomment next line to stop authentication never_direct allow all delay_pools 2 delay_class 1 2 delay_class 2 2 delay_access 1 allow user_delay_2048 delay_access 1 deny all delay_access 2 allow user_delay_4096 delay_access 2 deny all delay_parameters 1 8192/8192 4096/6144 delay_parameters 2 8192/8192 2048/3072
