Squid3 local authentication not authenticating

CubedRoot

Hello all. I have been having issues getting local authentication to work in Squid3.

If I set authentication to none, everything works great.  I can use the proxy, see my remote machine getting succesfull packets in the access and cache logs, and it works great.  So I then decided to setup local authentication.

I enabled Local authentication, saved the configuration and then went to the users tab and created my user.  I then saved the config again, and restarted the squid service.

Now, my PC will get the authentication box, and when I enter my credentials, I keep getting prompted.  It doesnt appear that I am getting autenticated using local auth.

If I do a tail -f on access.log on my pfsense machine here is what I see:
1424320805.815      4 192.168.1.111 TCP_DENIED/407 3810 CONNECT aus3.mozilla.org:443 cubedroot HIER_NONE/- text/html
1424320805.815      3 192.168.1.111 TCP_DENIED/407 3775 CONNECT blocklist.addons.mozilla.org:443 cubedroot HIER_NONE/- text/html

Everytime I enter my credentials, and press enter, I get 2 lines that look like the two above.

Here's my setup information:
2.2-RELEASE (amd64)
built on Thu Jan 22 14:03:54 CST 2015

Squid 3 package version: 3.4.10_2 pkg 0.2.6

I have also verified that my username is showing up in the squid.passwd.  Any suggestions?

marcelloc

I've tested local authentication without issues today.

Try to add your local network on first squid acl.

Also check cache.log to see if it shows any warning or error.

CubedRoot

Thanks for the reply.

Here is what my ACL configuration looks like.  I have my local network on the first ACL:  http://i.imgur.com/WBJiTfA.png

Here is the last 50 lines of my cache.log:  http://fpaste.org/187850/14243824/

However, if I do a tail -f on cache.log and access.log and keep it running, and then go to my machine and try to use the proxy, I get prompted for authentication, and as soon as I enter my credentials, the box will pop back up and then I see these entries in the access.log:

1424382534.663      0 192.168.1.2 TCP_DENIED/407 4071 GET http://google.com/ - HIER_NONE/- text/html
This line pops up right when the authentication box is displayed

1424382547.914      4 192.168.1.2 TCP_DENIED/407 4221 GET http://google.com/ cubedroot HIER_NONE/- text/html
After I enter my credentials and press enter, I get this line.

Then there are no more entries in the logs. cubedroot is the user I tried to authenticate with.

I also double checked… If I disabled local authentication, the proxy works great and I see things like this in the logs:
==> access.log <==
1424382661.430    44 192.168.1.2 TCP_MISS/301 665 GET http://google.com/ - HIER_DIRECT/74.205.129.30 text/html
1424382661.472    39 192.168.1.2 TCP_MISS/302 802 GET http://www.google.com/ - HIER_DIRECT/74.125.196.104 text/html
1424382661.609    44 192.168.1.2 TCP_MISS/200 871 POST http://clients1.google.com/ocsp - HIER_DIRECT/74.205.129.38 application/ocsp-response

Nothing in cache.log
Is there anyway to totally blow away all squid related packages and files and just reinstall?

marcelloc

Did you tried a simple passwork without special characters?

CubedRoot

NICE! I believe I found the problem.  It looks as if the webform field for the password is truncating everything after 8 characters.  The password I was using had 12 characters.

I am able to use any password as long as it is 8 characters or below.  If I create a password that has more than 8 characters it wont authenticate.

For example:
password of: 12345678  works great.

Changed password to: 123456789
Will not authenticate. HOWEVER if I use 12345678 for the password it works.

To test my thesis, I reset the password to ABCDEFGHI
Will not authenticate with that password.  But, if i use ABCDEFGH  i am able to authenticate without any issues.

I am not sure if there is an eight character password limit in the samba.passwd file, or if its a limit in the entry field of the web page for the user.  But, using any string as long as its 8 characters or below in that field works.

lgalford

hi,

did you find the solution for this issue?

I have the same problem but if I write a 123456 password it keeps with the same behaviour.

Rgds
Luis

jimp

Update to the latest squid package. I have put in a fix to properly handle longer passwords.