When the user logs on to Windows domain and opens the browser can navigate because it is already authenticated. When the user is not logged on the domain opens a popup asking for username and password. When informed user and password authentication correct he asks again (twice) and after work. If the wrong password is entered he asks again, but even informing the correct password several times he did not get success in authentication.
My squid3 server is on the domain and authentication on the command line is working properly (-u wbinfo, wbinfo -g, getent passwd, ntlm_auth). Follow my configuration file (squid.conf): ### Configuracoes Basicas http_port 3128 ### Bloqueia o cache de CGI's acl QUERY urlpath_regex cgi-bin \? cache deny QUERY maximum_object_size 4096 KB minimum_object_size 0 KB maximum_object_size_in_memory 64 KB cache_mem 60 MB #Para não bloquear downloads quick_abort_min -1 KB detect_broken_pconn on pipeline_prefetch on fqdncache_size 1024 ### Parametros de atualizacao da memoria cache refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 ### Parametros de cache em RAM e HD cache_swap_low 90 cache_swap_high 95 ### Localizacao dos logs cache_access_log /var/log/squid3/access.log cache_log /var/log/squid3/cache.log cache_store_log /var/log/squid3/store.log ### define a localizacao do cache de disco, tamanho, qtd de diretorios pai e subdiretorios cache_dir aufs /var/spool/squid3 600 16 256 #Controle do arquivo de log logfile_rotate 10 hosts_file /etc/hosts #Libera acesso ao site da caixa acl caixa dstdomain .caixa.gov.br always_direct allow caixa cache deny caixa ### Realiza a autenticacao no AD via Winbind # NTLM # para quem esta logado em maquinas windows, aproveita a senha do logon auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 # para clientes nao windows, user/senha tem de ser solicitado auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm "Autenticacao - Acesso Monitorado" auth_param basic credentialsttl 2 hours external_acl_type ad_group ipv4 ttl=600 children-max=35 %LOGIN /usr/lib/squid3/ext_wbinfo_group_acl ### ACLs #acl manager proto cache_object acl localhost src 192.168.0.30/32 acl SSL_ports port 22 443 563 # https, snews acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 3001 # imprenssa nacional acl purge method PURGE acl CONNECT method CONNECT ### Regras iniciais do Squid http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl connect_abertas maxconn 8 # acl ligada a autenticacao acl grupo_admins external ad_group gg_webadmins acl grupo_liberado external ad_group gg_webliberados acl grupo_restrito external ad_group gg_webcontrolados ### Bloqueia extensoes de arquivos acl extensoes_bloqueadas url_regex -i "/etc/squid3/acls/extensoes-proibidas" ### Liberar alguns sites acl sites_liberados url_regex -i "/etc/squid3/acls/sites-permitidos" ### Bloqueia sites por URL acl sites_bloqueados url_regex -i "/etc/squid3/acls/sites-proibidos" ### Realiza o bloqueio por palavras acl palavras_bloqueadas url_regex -i "/etc/squid3/acls/palavras-proibidas" ### Exige autenticacao acl autenticados proxy_auth REQUIRED #libera o grupo internet http_access allow grupo_admins http_access deny extensoes_bloqueadas http_access allow sites_liberados http_access deny sites_bloqueados http_access deny palavras_bloqueadas http_access allow grupo_liberado ### Liberando midia social e musica no horario do almoco acl almoco time 11:30-13:30 http_access allow almoco #bloqueia midia social durante o expediente acl social_proibido url_regex -i "/etc/squid3/acls/media-social" http_access deny social_proibido # Regra para bloqueio de extensoes de radios online / arquivos de streaming: acl streaming req_mime_type -i "/etc/squid3/acls/mimeaplicativo" #acl proibir_musica urlpath_regex -i "/etc/squid3/acls/audioextension" acl proibir_musica url_regex -i "/etc/squid3/acls/audioextension" http_access deny proibir_musica http_reply_access deny streaming ### Controle de banda delay_pools 1 delay_class 1 2 ### aprox 32Mbps para todos e 500Kbps para cada usuario delay_parameters 1 4194304/4194304 64000/64000 delay_access 1 allow grupo_restrito http_access allow grupo_restrito #liberando acesso a todos os usuarios autenticados #http_access deny !autenticados http_access allow autenticados ### Rede do CMB ##### acl rede_local src 192.168.0.0/22 ### Nega acesso de quem nao esta na rede local http_access deny !rede_local #negando o acesso para todos que nao estiverem nas regras anteriores http_access deny all visible_hostname proxy.meudominio.com.br ### Erros em portugues error_directory /usr/share/squid3/errors/Portuguese coredump_dir /var/spool/squid3 debug_options ALL,111,2 29,9 84,6" Follow part of my cache.log: ... 2015/09/05 02:35:09.796 kid1| AsyncCallQueue.cc(53) fireNext: leaving MaintainSwapSpace() 2015/09/05 02:35:09.796 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:09.796 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall DelayPools::Update constructed, this=0x7f361986d530 [call2470] 2015/09/05 02:35:09.796 kid1| AsyncCall.cc(85) ScheduleCall: event.cc(261) will call DelayPools::Update() [call2470] 2015/09/05 02:35:09.796 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:09.796 kid1| AsyncCallQueue.cc(51) fireNext: entering DelayPools::Update() 2015/09/05 02:35:09.796 kid1| AsyncCall.cc(30) make: make call DelayPools::Update [call2470] 2015/09/05 02:35:09.796 kid1| event.cc(346) schedule: schedule: Adding 'DelayPools::Update', in 1.00 seconds 2015/09/05 02:35:09.796 kid1| AsyncCallQueue.cc(53) fireNext: leaving DelayPools::Update() 2015/09/05 02:35:09.796 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:09.796 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:09.796 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:09.796 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:10.797 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:10.797 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall MaintainSwapSpace constructed, this=0x7f361986d530 [call2471] 2015/09/05 02:35:10.797 kid1| AsyncCall.cc(85) ScheduleCall: event.cc(261) will call MaintainSwapSpace() [call2471] 2015/09/05 02:35:10.797 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:10.797 kid1| AsyncCallQueue.cc(51) fireNext: entering MaintainSwapSpace() 2015/09/05 02:35:10.797 kid1| AsyncCall.cc(30) make: make call MaintainSwapSpace [call2471] 2015/09/05 02:35:10.797 kid1| ufs/UFSSwapDir.cc(451) maintain: f=1.00, max_scan=500, max_remove=80 2015/09/05 02:35:10.797 kid1| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x7f36195bc308 2015/09/05 02:35:10.797 kid1| cbdata.cc(348) cbdataInternalFree: cbdataFree: 0x7f36195bc308 2015/09/05 02:35:10.797 kid1| cbdata.cc(365) cbdataInternalFree: cbdataFree: Freeing 0x7f36195bc308 2015/09/05 02:35:10.797 kid1| ufs/UFSSwapDir.cc(475) maintain: /var/spool/squid3 removed 0/80 f=1.0000 max_scan=500 2015/09/05 02:35:10.797 kid1| event.cc(346) schedule: schedule: Adding 'MaintainSwapSpace', in 1.00 seconds 2015/09/05 02:35:10.797 kid1| AsyncCallQueue.cc(53) fireNext: leaving MaintainSwapSpace() 2015/09/05 02:35:10.797 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:10.797 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall DelayPools::Update constructed, this=0x7f361986d530 [call2472] 2015/09/05 02:35:10.797 kid1| AsyncCall.cc(85) ScheduleCall: event.cc(261) will call DelayPools::Update() [call2472] 2015/09/05 02:35:10.797 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:10.798 kid1| AsyncCallQueue.cc(51) fireNext: entering DelayPools::Update() 2015/09/05 02:35:10.798 kid1| AsyncCall.cc(30) make: make call DelayPools::Update [call2472] 2015/09/05 02:35:10.798 kid1| event.cc(346) schedule: schedule: Adding 'DelayPools::Update', in 1.00 seconds 2015/09/05 02:35:10.798 kid1| AsyncCallQueue.cc(53) fireNext: leaving DelayPools::Update() 2015/09/05 02:35:10.798 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:10.798 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:10.798 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:10.798 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:11.473 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:11.473 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall fqdncache_purgelru constructed, this=0x7f361986d530 [call2473] 2015/09/05 02:35:11.474 kid1| AsyncCall.cc(85) ScheduleCall: event.cc(261) will call fqdncache_purgelru() [call2473] 2015/09/05 02:35:11.474 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:11.474 kid1| AsyncCallQueue.cc(51) fireNext: entering fqdncache_purgelru() 2015/09/05 02:35:11.474 kid1| AsyncCall.cc(30) make: make call fqdncache_purgelru [call2473] 2015/09/05 02:35:11.474 kid1| event.cc(346) schedule: schedule: Adding 'fqdncache_purgelru', in 10.00 seconds 2015/09/05 02:35:11.474 kid1| fqdncache.cc(258) fqdncache_purgelru: fqdncache_purgelru: removed 0 entries 2015/09/05 02:35:11.474 kid1| AsyncCallQueue.cc(53) fireNext: leaving fqdncache_purgelru() 2015/09/05 02:35:11.474 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:11.474 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:11.798 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:11.799 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall MaintainSwapSpace constructed, this=0x7f361986d530 [call2474] 2015/09/05 02:35:11.799 kid1| AsyncCall.cc(85) ScheduleCall: event.cc(261) will call MaintainSwapSpace() [call2474] 2015/09/05 02:35:11.799 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:11.799 kid1| AsyncCallQueue.cc(51) fireNext: entering MaintainSwapSpace() 2015/09/05 02:35:11.799 kid1| AsyncCall.cc(30) make: make call MaintainSwapSpace [call2474] 2015/09/05 02:35:11.799 kid1| ufs/UFSSwapDir.cc(451) maintain: f=1.00, max_scan=500, max_remove=80 2015/09/05 02:35:11.799 kid1| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x7f36195bc308 2015/09/05 02:35:11.799 kid1| cbdata.cc(348) cbdataInternalFree: cbdataFree: 0x7f36195bc308 2015/09/05 02:35:11.799 kid1| cbdata.cc(365) cbdataInternalFree: cbdataFree: Freeing 0x7f36195bc308 2015/09/05 02:35:11.799 kid1| ufs/UFSSwapDir.cc(475) maintain: /var/spool/squid3 removed 0/80 f=1.0000 max_scan=500 2015/09/05 02:35:11.799 kid1| event.cc(346) schedule: schedule: Adding 'MaintainSwapSpace', in 1.00 seconds 2015/09/05 02:35:11.799 kid1| AsyncCallQueue.cc(53) fireNext: leaving MaintainSwapSpace() 2015/09/05 02:35:11.799 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:11.799 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall DelayPools::Update constructed, this=0x7f361986d530 [call2475] 2015/09/05 02:35:11.799 kid1| AsyncCall.cc(85) ScheduleCall: event.cc(261) will call DelayPools::Update() [call2475] 2015/09/05 02:35:11.799 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:11.799 kid1| AsyncCallQueue.cc(51) fireNext: entering DelayPools::Update() 2015/09/05 02:35:11.799 kid1| AsyncCall.cc(30) make: make call DelayPools::Update [call2475] 2015/09/05 02:35:11.799 kid1| event.cc(346) schedule: schedule: Adding 'DelayPools::Update', in 1.00 seconds 2015/09/05 02:35:11.799 kid1| AsyncCallQueue.cc(53) fireNext: leaving DelayPools::Update() 2015/09/05 02:35:11.799 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:11.799 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:11.799 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:11.800 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:12.801 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:12.801 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall MaintainSwapSpace constructed, this=0x7f361986d530 [call2476] 2015/09/05 02:35:12.801 kid1| AsyncCall.cc(85) ScheduleCall: event.cc(261) will call MaintainSwapSpace() [call2476] 2015/09/05 02:35:12.801 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:12.801 kid1| AsyncCallQueue.cc(51) fireNext: entering MaintainSwapSpace() 2015/09/05 02:35:12.801 kid1| AsyncCall.cc(30) make: make call MaintainSwapSpace [call2476] 2015/09/05 02:35:12.801 kid1| ufs/UFSSwapDir.cc(451) maintain: f=1.00, max_scan=500, max_remove=80 2015/09/05 02:35:12.801 kid1| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x7f36195bc308 2015/09/05 02:35:12.801 kid1| cbdata.cc(348) cbdataInternalFree: cbdataFree: 0x7f36195bc308 2015/09/05 02:35:12.801 kid1| cbdata.cc(365) cbdataInternalFree: cbdataFree: Freeing 0x7f36195bc308 2015/09/05 02:35:12.801 kid1| ufs/UFSSwapDir.cc(475) maintain: /var/spool/squid3 removed 0/80 f=1.0000 max_scan=500 2015/09/05 02:35:12.801 kid1| event.cc(346) schedule: schedule: Adding 'MaintainSwapSpace', in 1.00 seconds 2015/09/05 02:35:12.801 kid1| AsyncCallQueue.cc(53) fireNext: leaving MaintainSwapSpace() 2015/09/05 02:35:12.801 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:12.801 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall DelayPools::Update constructed, this=0x7f361986d530 [call2477] 2015/09/05 02:35:12.801 kid1| AsyncCall.cc(85) ScheduleCall: event.cc(261) will call DelayPools::Update() [call2477] 2015/09/05 02:35:12.801 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:12.801 kid1| AsyncCallQueue.cc(51) fireNext: entering DelayPools::Update() 2015/09/05 02:35:12.801 kid1| AsyncCall.cc(30) make: make call DelayPools::Update [call2477] 2015/09/05 02:35:12.801 kid1| event.cc(346) schedule: schedule: Adding 'DelayPools::Update', in 1.00 seconds 2015/09/05 02:35:12.801 kid1| AsyncCallQueue.cc(53) fireNext: leaving DelayPools::Update() 2015/09/05 02:35:12.801 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:12.801 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:12.801 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:12.801 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:13.802 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:13.802 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall MaintainSwapSpace constructed, this=0x7f361986d530 [call2478] 2015/09/05 02:35:13.802 kid1| AsyncCall.cc(85) ScheduleCall: event.cc(261) will call MaintainSwapSpace() [call2478] 2015/09/05 02:35:13.802 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:13.802 kid1| AsyncCallQueue.cc(51) fireNext: entering MaintainSwapSpace() 2015/09/05 02:35:13.802 kid1| AsyncCall.cc(30) make: make call MaintainSwapSpace [call2478] 2015/09/05 02:35:13.802 kid1| ufs/UFSSwapDir.cc(451) maintain: f=1.00, max_scan=500, max_remove=80 2015/09/05 02:35:13.802 kid1| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x7f36195bc308 2015/09/05 02:35:13.803 kid1| cbdata.cc(348) cbdataInternalFree: cbdataFree: 0x7f36195bc308 2015/09/05 02:35:13.803 kid1| cbdata.cc(365) cbdataInternalFree: cbdataFree: Freeing 0x7f36195bc308 2015/09/05 02:35:13.803 kid1| ufs/UFSSwapDir.cc(475) maintain: /var/spool/squid3 removed 0/80 f=1.0000 max_scan=500 2015/09/05 02:35:13.803 kid1| event.cc(346) schedule: schedule: Adding 'MaintainSwapSpace', in 1.00 seconds 2015/09/05 02:35:13.803 kid1| AsyncCallQueue.cc(53) fireNext: leaving MaintainSwapSpace() 2015/09/05 02:35:13.803 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:13.803 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall DelayPools::Update constructed, this=0x7f361986d530 [call2479] 2015/09/05 02:35:13.803 kid1| AsyncCall.cc(85) ScheduleCall: event.cc(261) will call DelayPools::Update() [call2479] 2015/09/05 02:35:13.803 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:13.803 kid1| AsyncCallQueue.cc(51) fireNext: entering DelayPools::Update() 2015/09/05 02:35:13.803 kid1| AsyncCall.cc(30) make: make call DelayPools::Update [call2479] 2015/09/05 02:35:13.803 kid1| event.cc(346) schedule: schedule: Adding 'DelayPools::Update', in 1.00 seconds 2015/09/05 02:35:13.803 kid1| AsyncCallQueue.cc(53) fireNext: leaving DelayPools::Update() 2015/09/05 02:35:13.803 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:13.803 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. 2015/09/05 02:35:13.803 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d930 is idle. 2015/09/05 02:35:13.803 kid1| EventLoop.cc(61) checkEngine: Engine 0x7ffd4ae5d900 is idle. Regards, Márcio Bacci
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
