Marc Haber wrote:
> one customer of ours is running squid2.3.STABLE4 on FreeBSD
> 4.1-RELEASE, of which I don't have a clue. The squid conf has _two_
> authenticate_program clauses, saying
>
> authenticate_program smb_auth -W domain1 -U DC1
> authenticate_program smb_auth -W domain2 -U DC2.
>
> Customer claims that users from both domains were able to use the
> proxy until yesterday.
If so, this was certainly not caused by Squid. The authenticate_program
directive is single-valued, and if specified more than once then the
last specification is used.
> Right now, squid denies all requests
> originating from domain2 users, and only the first smb_auth process
> children (5 processes) authenticating against domain1 is currently
> running. When I restart squid, only smb_auth domain1 children are
> started.
Are you sure it is not the other way around?
> Can anyone enlighten me about what's going on here? Is it possible
> that both domain controllers were engaged in a trust relationship so
> that DC1 forwarded all authentication requests for domain2 users to
> DC2 without squid noticing?
Most likely yes.
> Any hints will be appreciated.
Chaining multiple authenticators together is pretty simple with a Perl
little programming. Search the archives for examples. The same thing can
theoretically be done with some creative use of shell scripted pipes..
See for example an old message on using 2 different authenticators
<http://www.squid-cache.org/mail-archive/squid-users/200004/0790.html>
There is more examples in the Squid-users archives.
Regards
Henrik Nordström
Squid Hacker
Received on Mon Oct 01 2001 - 13:12:04 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:34 MST