[squid-users] doubts about the squid3

Amos Jeffries squid3 at treenet.co.nz
Thu Dec 3 09:42:21 UTC 2015

On 3/12/2015 4:15 p.m., Marcio Demetrio Bacci wrote:
> My Linux Stations are in Domain, but when a user open your bowser, the user
> and password are asked. Sometimes, during the navegation, the user and
> password are asked again.

Be aware the popup has nothing to do with Squid. It is a mechanism the
browser uses to get credentials when it discovers that the ones it has
are invalid, not usable any longer, not acceptible, or otherwise
rejected by the authentication systems it is trying to uses them with.

Basically it is a last-resort method to find some way to login to an
authenticated service.

So for the popup to happen you either have misconfigured Squid or
running into a bug in the authentication. It has been a while since we
had any bugs that only occured later (the current bunch are immediately

> This way, I wish that the user session to be valid per 4 hours. How do I
> set it?

Firstly, there is no such thing as "session" in HTTP.

For authentication "sessions"

> Follow the authentication portion of the  my squid.conf:
> # NTLM
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp  --domain=DOMAIN
> auth_param ntlm children 30
> auth_param ntlm keep_alive off
> auth_param basic program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm "Web Proxy"
> external_acl_type ad_group %LOGIN /usr/lib/squid3/wbinfo_group.pl -d

There is also all the part(s) where authentication gets used, and the
non-authentication ACLs around those which determine under what
conditinos authentication gets used.

Please post your whole squid.conf (without the comments or empty lines)
so we can do a proper analysis.


More information about the squid-users mailing list