I have squid configured with kerberos (squid_kerb_auth) to
authenticate users against Active Directory. The SSO is working well
for users logged on domain...
For users out of domain, I configured squid_ldap_auth +
squid_ldap_group. However, the authentication only work after the
third try of user...
Is there a way to fix that? I want that users put their credentials
just one time to authentication...
Our OS is Windows XP and Windows 7.. both with EI9 + Firefox + Chrome
May you help me?
Thanks in advance...
Bellow is what I have in squid.conf (section about authentication):
#########################################################
auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d -s
HTTP/server.domain.local
auth_param negotiate children 10
auth_param negotiate keep_alive on
auth_param basic program /usr/lib/squid3/squid_ldap_auth -R -b
"dc=domain,dc=local" -D squid_at_DOMAIN.LOCAL -w "@mypass" -f
sAMAccountName=%s -h server.domain.local -d
auth_param basic children 5
auth_param basic realm Internet Authentication
auth_param basic credentialsttl 2 hours
auth_param basic keep_alive off
external_acl_type memberof %LOGIN /usr/lib/squid3/squid_ldap_group -R
-K -b "dc=domain,dc=local" -D squid_at_DOMAIN.LOCAL -w "@mypass" -f
"(&(objectclass=person)(sAMAccountName=%v)(memberof=$
acl INTERNET_Perfil_Avancado external memberof INTERNET_Perfil_Avancado
acl INTERNET_Perfil_Basico external memberof INTERNET_Perfil_Basico
acl INTERNET_Perfil_Padrao external memberof INTERNET_Perfil_Padrao
acl INTERNET_Perfil_Padrao_Sociais external memberof
INTERNET_Perfil_Padrao_Sociais
acl auth proxy_auth REQUIRED
#########################################################
-- Alípio Luiz [Squidy] | Brasil - Cuiabá/MT Email/GTalk: alipio.luiz [arroba] gmail.com Skype: alipio.luiz Linux User #251497Received on Tue Apr 02 2013 - 18:39:37 MDT
This archive was generated by hypermail 2.2.0 : Wed Apr 03 2013 - 12:00:13 MDT