Squid LDAP based authentication popping up for all new IE windows - squid

This is a discussion on Squid LDAP based authentication popping up for all new IE windows - squid ; Hi All, I am using basic LDAP authentication with squid (squid_auth_ldap) and I am able to authenticate successfully. The problem is that the authentication is popping up for every new IE window, though works without a hitch in FF. I ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Squid LDAP based authentication popping up for all new IE windows

  1. Squid LDAP based authentication popping up for all new IE windows


    Hi All,

    I am using basic LDAP authentication with squid (squid_auth_ldap) and
    I am able to authenticate successfully. The problem is that the
    authentication is popping up for every new IE window, though works
    without a hitch in FF.

    I tried tinkering with credentialsttl and authenticate_ttl but no joy.
    Could somebody please point out what I am doing wrong:

    My configuration is as follows:
    auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -v 3
    -b "ou=People,dc=xxxxx,dc=xx,dc=xx" -D "cn=root,dc=xxxxx,dc=xx,dc=xx" -
    w xxxxxx -h 127.0.0.1
    auth_param basic children 5
    auth_param basic realm XXXX
    auth_param basic credentialsttl 30 minutes

    authenticate_cache_garbage_interval 1 hour
    authenticate_ttl 1 hour
    authenticate_ip_ttl 3000

    acl Authorized proxy_auth REQUIRED
    acl localnet src 192.168.0.0/255.255.0.0
    acl localhost src 127.0.0.1/255.255.255.255
    acl Safe_ports port 80 443 210 119 70 21 23 1025-65535
    acl CONNECT method CONNECT
    acl all src 0.0.0.0/0.0.0.0

    http_access allow Authorized
    http_access allow localnet
    http_access allow localhost
    http_access deny !Safe_ports
    http_access deny CONNECT
    http_access deny all

    Thanks,
    Animesh


  2. Re: Squid LDAP based authentication popping up for all new IE windows


    On Mar 26, 5:41 pm, abansri...@gmail.com wrote:
    > Hi All,
    >
    > I am using basic LDAP authentication with squid (squid_auth_ldap) and
    > I am able to authenticate successfully. The problem is that the
    > authentication is popping up for every new IE window, though works
    > without a hitch in FF.
    >
    > I tried tinkering with credentialsttl and authenticate_ttl but no joy.
    > Could somebody please point out what I am doing wrong:
    >
    > My configuration is as follows:
    > auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -v 3
    > -b "ou=People,dc=xxxxx,dc=xx,dc=xx" -D "cn=root,dc=xxxxx,dc=xx,dc=xx" -
    > w xxxxxx -h 127.0.0.1
    > auth_param basic children 5
    > auth_param basic realm XXXX
    > auth_param basic credentialsttl 30 minutes
    >
    > authenticate_cache_garbage_interval 1 hour
    > authenticate_ttl 1 hour
    > authenticate_ip_ttl 3000
    >
    > acl Authorized proxy_auth REQUIRED
    > acl localnet src 192.168.0.0/255.255.0.0
    > acl localhost src 127.0.0.1/255.255.255.255
    > acl Safe_ports port 80 443 210 119 70 21 23 1025-65535
    > acl CONNECT method CONNECT
    > acl all src 0.0.0.0/0.0.0.0
    >
    > http_access allow Authorized
    > http_access allow localnet
    > http_access allow localhost
    > http_access deny !Safe_ports
    > http_access deny CONNECT
    > http_access deny all
    >
    > Thanks,
    > Animesh


    http://netmirror.org/mirror/squid-ww...Q.html#toc23.3

    Note the note:

    "Note: This has nothing to do with how often the user needs to re-
    authenticate himself. It is the browser who maintains the session, and
    re-authentication is a business between the user and his browser, not
    the browser and Squid. The browser authenticates on behalf of the user
    on every request sent to Squid. What this parameter controls is only
    how often Squid will ask the defined helper if the password is still
    valid."

    Therefore, blame it on the browser.


+ Reply to Thread