[squid-users] Password prompt pops up when using NTLM authenticator

From: Claudio Alonso <[email protected]>
Date: Fri, 30 May 2003 17:15:57 -0300

Hi, I've been using squid 2.5-STABLE2 with NTLM authentication in my company
for a few months, and I'm having a persistent problem which I can't fix. May
be you can give me a clue.
The users are logged into the domain and are browsing through squid with IE.
Most of the time they don't have any problem, but some times a password
prompt pops up.
Is this a normal behaviour?
When that happens, sometimes (not always) this password prompt keeps poping
up and don't let these users browse the web. In these cases I can only fix
it restarting squid.
For a complete information I'm sending you some fragments of my squid.conf
file.
Thanks in advance,

--Claudio

===================squid.conf file fragments=====================
http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
ftp_user anonymous@
auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
auth_param ntlm children 15
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/local/squid/libexec/wb_auth
auth_param basic children 15
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
request_body_max_size 1 MB
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl server3 snmp_community comuni3
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1863 # MSN
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 5050
acl Safe_ports port 5190
acl CONNECT method CONNECT
acl domusers proxy_auth REQUIRED
acl negados url_regex "/usr/local/squid/etc/sitios-denegados"
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny negados
http_access allow domusers
http_access deny all
http_reply_access allow all
icp_access allow all
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
snmp_access allow server3

_________________________________________________________________
Charla con tus amigos en l�nea mediante MSN Messenger:
http://messenger.yupimsn.com/
Received on Fri May 30 2003 - 14:27:44 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:07 MST