Re: [squid-users] Digest Ldap Authentication got failed for some user accounts

From: sankar m <debianlinux.ss_at_gmail.com>
Date: Mon, 12 Oct 2009 10:20:57 +0530

Dear Sir,

Here are some additional details that may help.

Unique authenticated users per proxy : 315 users/day
Proxy utilization per day : 20 GB per day
Squid Disk cache : Disabled

System memory and load status:

Mem: 8183880k total, 5938872k used, 2245008k free, 524284k buffers
load average: 0.76, 0.65, 0.64

System Processor : Intel(R) Xeon(R) CPU 2.83GHz Quad-Core
System Memory : 8 GB

Please ask me for any additional information if required.

Regards,
Sankar.M

Squid configured with,

# ./configure --prefix=/usr/local/squid
--localstatedir=/var/logs/squid --exec-prefix=/usr/local/squid
--enable-linux-netfilter --disable-ident-lookups
--with-filedescriptors=8192 --enable-snmp --enable-delay-pools
--enable-cache-digests --enable-poll --enable-truncate
--enable-removal-policies --enable-auth="basic digest"
--enable-auth-basic-helpers=squid_radius_auth
--enable-digest-auth-helpers=ldap

On 10/11/09, Henrik Nordstrom <henrik_at_henriknordstrom.net> wrote:
> lör 2009-10-10 klockan 20:23 +0530 skrev sankar m:
>
>> I'm using "digest_ldap_auth" with "Open Ldap" combination for Digest
>> Authentication. It works well, but some users got authentication
>> failed. I'm able to get the valid hash from the LDAP server through
>> the command line,
>
> Do these users have any "odd" characters in their password? Digest
> unfortunately only works reliably for us-ascii characters.
>
>> Note that I'm running FIVE squid servers. I successfully authenticated
>> with 2nd proxy server using the same user account which got failed
>> with the first proxy server. Squid returning the TCP_DENIED/407
>> response to the client. Same userid is working when I do restart squid
>> (even reconfigure doesn't help), but I feel it is never be a right
>> way. After the successful restart, some other accounts are not
>> working.
>
> Which Squid version?
>
> Regards
> Henrik
>
>
Received on Mon Oct 12 2009 - 04:51:04 MDT

This archive was generated by hypermail 2.2.0 : Mon Oct 12 2009 - 12:00:03 MDT