Dear all,
my reverse proxy for OWA with squid2.6stable9 on RH ES4.U1 works fine.
Now I'm trying to add authentication, but I see unusual behaviour.
For that I'm using squid3 (the daily auto-generated release from last Friday).
My squid.conf:
cache_effective_user squid
cache_effective_group squid
https_port 10.10.145.1:443 accel cert=/usr/local/squid/etc/wmail.crt key=/usr/local/squid/etc/wmail.key defaultsite=dondy.tc-express.it
cache_peer egd-srv-1.tc-express.it parent 443 0 front-end-https=on ssl sslcert=/usr/local/squid/etc/host.crt sslkey=/usr/local/squid/etc/host.key sslflags=DONT_VERIFY_PEER no-query originserver login=PASS
visible_hostname dondy.tc-express.it
auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd
#auth_param basic program /usr/local/squid/libexec/pam_auth
auth_param basic children 2
auth_param basic realm ReverseProxy_ncsa
#auth_param basic realm ReverseProxy_pam
auth_param basic credentialsttl 15 minutes
acl pippo proxy_auth REQUIRED
acl allowed_hosts src 0.0.0.0/0.0.0.0
acl all src 0.0.0.0/0.0.0.0
#http_access allow allowed_hosts
http_access allow allowed_hosts pippo
icp_port 0
redirect_rewrites_host_header off
emulate_httpd_log on
log_fqdn on
logfile_rotate 4
access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
never_direct allow all
I'm using 'tce' for the local squid authentication and alberto.dondana for the OWA
basic authentication.
What happens: the two authentication levels seem to work fine, but
immediately my reverse proxy starts sending OWA one packet with the right
user 'alberto.dondana', the second with the wrong user 'tce', then the right
user again and so on... as seen in access.log below:
10.10.145.1 - alberto.dondana [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange HTTP/1.1" 401 2805 TCP_DENIED:NONE
10.10.145.1 - tce [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange HTTP/1.1" 401 412 TCP_MISS:FIRST_UP_PARENT
10.10.145.1 - alberto.dondana [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange HTTP/1.1" 401 2805 TCP_DENIED:NONE
10.10.145.1 - tce [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange HTTP/1.1" 401 412 TCP_MISS:FIRST_UP_PARENT
10.10.145.1 - alberto.dondana [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange HTTP/1.1" 401 2805 TCP_DENIED:NONE
10.10.145.1 - tce [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange HTTP/1.1" 401 412 TCP_MISS:FIRST_UP_PARENT
10.10.145.1 - alberto.dondana [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange HTTP/1.1" 401 2805 TCP_DENIED:NONE
10.10.145.1 - tce [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange HTTP/1.1" 401 412 TCP_MISS:FIRST_UP_PARENT
10.10.145.1 - alberto.dondana [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange HTTP/1.1" 401 2805 TCP_DENIED:NONE
10.10.145.1 - tce [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange HTTP/1.1" 401 412 TCP_MISS:FIRST_UP_PARENT
10.10.145.1 - alberto.dondana [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange HTTP/1.1" 401 2805 TCP_DENIED:NONE
10.10.145.1 - tce [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange HTTP/1.1" 401 412 TCP_MISS:FIRST_UP_PARENT
I reproduced the same behaviour on my PC (Fedora C5).
If I use pam and add, locally on the squid server, a user with the same
credentials as the OWA one (but I use a different user for the first squid
authentication), everything works well.
Any ideas?
Thanks
Alberto
Received on Tue Mar 06 2007 - 08:45:55 MST
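
Added example (not part of the original post): a Python check that reads access.log lines in the httpd-emulated format shown above and reports, per client and URL, how often the 401 responses switch between users and which layer rejected each user. It assumes TCP_DENIED marks a rejection by Squid itself and any other result code marks a 401 relayed from the origin server; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same httpd-emulated format as the log in the post.
SAMPLE = """\
10.10.145.1 - alberto.dondana [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange HTTP/1.1" 401 2805 TCP_DENIED:NONE
10.10.145.1 - tce [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange HTTP/1.1" 401 412 TCP_MISS:FIRST_UP_PARENT
10.10.145.1 - alberto.dondana [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange HTTP/1.1" 401 2805 TCP_DENIED:NONE
10.10.145.1 - tce [06/Mar/2007:16:14:02 +0100] "GET https://dondy.tc-express.it/exchange HTTP/1.1" 401 412 TCP_MISS:FIRST_UP_PARENT
"""

# client ident user [timestamp] "METHOD URL PROTO" status bytes RESULT:HIERARCHY
LINE = re.compile(
    r'(?P<client>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+ (?P<result>\w+):(?P<hier>\w+)'
)

def rejecting_layer(result):
    """Assumption: TCP_DENIED = Squid refused the request locally;
    anything else = the 401 was relayed from the origin server."""
    return "proxy" if result == "TCP_DENIED" else "origin"

def find_auth_flapping(lines, min_switches=2):
    """Flag (client, url) pairs whose 401s keep switching between users."""
    seen = defaultdict(list)  # (client, url) -> [(user, layer), ...]
    for raw in lines:
        m = LINE.match(raw.strip())
        if m and m["status"] == "401":
            seen[(m["client"], m["url"])].append(
                (m["user"], rejecting_layer(m["result"])))
    report = {}
    for key, events in seen.items():
        # Count how often consecutive 401s carry a different username.
        switches = sum(1 for a, b in zip(events, events[1:]) if a[0] != b[0])
        if switches < min_switches:
            continue
        rejected_by = defaultdict(set)  # user -> layers that rejected that user
        for user, layer in events:
            rejected_by[user].add(layer)
        report[key] = {"switches": switches,
                       "rejected_by": {u: sorted(s) for u, s in rejected_by.items()}}
    return report

if __name__ == "__main__":
    for (client, url), info in find_auth_flapping(SAMPLE.splitlines()).items():
        print(client, url, info)
```

On the sample, the OWA user is rejected only at the proxy layer and the proxy user only at the origin layer, which is the alternation visible in the log above.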