Squid3 local authentication not authenticating



  • Hello all. I have been having issues getting local authentication to work in Squid3.

    If I set authentication to none, everything works great.  I can use the proxy, see my remote machine getting successful packets in the access and cache logs, and it works great.  So I then decided to set up local authentication.

    I enabled Local authentication, saved the configuration and then went to the users tab and created my user.  I then saved the config again, and restarted the squid service.

    Now, my PC will get the authentication box, and when I enter my credentials, I keep getting prompted.  It doesn't appear that I am getting authenticated using local auth.

    If I do a tail -f on access.log on my pfsense machine here is what I see:
    1424320805.815      4 192.168.1.111 TCP_DENIED/407 3810 CONNECT aus3.mozilla.org:443 cubedroot HIER_NONE/- text/html
    1424320805.815      3 192.168.1.111 TCP_DENIED/407 3775 CONNECT blocklist.addons.mozilla.org:443 cubedroot HIER_NONE/- text/html

    Every time I enter my credentials, and press enter, I get 2 lines that look like the two above.

    Here's my setup information:
    2.2-RELEASE (amd64)
    built on Thu Jan 22 14:03:54 CST 2015

    Squid 3 package version: 3.4.10_2 pkg 0.2.6

    I have also verified that my username is showing up in the squid.passwd.  Any suggestions?



  • I've tested local authentication without issues today.

    Try to add your local network on first squid acl.

    Also check cache.log to see if it shows any warning or error.



  • Thanks for the reply.

    Here is what my ACL configuration looks like.  I have my local network on the first ACL:  http://i.imgur.com/WBJiTfA.png

    Here are the last 50 lines of my cache.log:  http://fpaste.org/187850/14243824/

    However, if I do a tail -f on cache.log and access.log and keep it running, and then go to my machine and try to use the proxy, I get prompted for authentication, and as soon as I enter my credentials, the box will pop back up and then I see these entries in the access.log:

    1424382534.663      0 192.168.1.2 TCP_DENIED/407 4071 GET http://google.com/ - HIER_NONE/- text/html
    This line pops up right when the authentication box is displayed

    1424382547.914      4 192.168.1.2 TCP_DENIED/407 4221 GET http://google.com/ cubedroot HIER_NONE/- text/html
    After I enter my credentials and press enter, I get this line.

    Then there are no more entries in the logs. cubedroot is the user I tried to authenticate with.

    I also double checked… If I disabled local authentication, the proxy works great and I see things like this in the logs:
    ==> access.log <==
    1424382661.430    44 192.168.1.2 TCP_MISS/301 665 GET http://google.com/ - HIER_DIRECT/74.205.129.30 text/html
    1424382661.472    39 192.168.1.2 TCP_MISS/302 802 GET http://www.google.com/ - HIER_DIRECT/74.125.196.104 text/html
    1424382661.609    44 192.168.1.2 TCP_MISS/200 871 POST http://clients1.google.com/ocsp - HIER_DIRECT/74.205.129.38 application/ocsp-response

    Nothing in cache.log
    Is there any way to totally blow away all squid related packages and files and just reinstall?



  • Did you try a simple password without special characters?



  • NICE! I believe I found the problem.  It looks as if the webform field for the password is truncating everything after 8 characters.  The password I was using had 12 characters.

    I am able to use any password as long as it is 8 characters or below.  If I create a password that has more than 8 characters it won't authenticate.

    For example:
    password of: 12345678  works great.

    Changed password to: 123456789
    Will not authenticate. HOWEVER if I use 12345678 for the password it works.

    To test my thesis, I reset the password to ABCDEFGHI
    Will not authenticate with that password.  But, if I use ABCDEFGH  I am able to authenticate without any issues.

    I am not sure if there is an eight character password limit in the samba.passwd file, or if it's a limit in the entry field of the web page for the user.  But, using any string as long as it's 8 characters or below in that field works.



  • hi,

    did you find the solution for this issue?

    I have the same problem but if I write a 123456 password it keeps with the same behaviour.

    Rgds
    Luis


  • Rebel Alliance Developer Netgate

    Update to the latest squid package. I have put in a fix to properly handle longer passwords.
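
A check for the symptom described in this thread (only the first 8 characters of a password being significant), as an added example that is not from the thread or from the pfSense package. It assumes the password file holds htpasswd-style `user:hash` lines and flags entries stored with traditional DES crypt, a scheme that only uses the first 8 characters; the thread does not establish that this was the cause, and the function names and sample entries are constructed.

```python
import re

# Traditional DES crypt output: 2 salt chars + 11 hash chars, no "$" prefix.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

# Prefix -> (scheme, significant password length; None = no short limit).
# These limits are properties of the hash schemes, not taken from the thread.
PREFIXES = [
    (("$2a$", "$2b$", "$2y$"), ("bcrypt", 72)),
    (("$apr1$",), ("apr1-md5", None)),
    (("$1$",), ("md5-crypt", None)),
    (("$5$",), ("sha256-crypt", None)),
    (("$6$",), ("sha512-crypt", None)),
    (("{SHA}",), ("sha1-unsalted", None)),
]

def classify(hash_field):
    """Return (scheme, limit) for one stored hash field."""
    for prefixes, result in PREFIXES:
        if hash_field.startswith(prefixes):
            return result
    if DES_RE.match(hash_field):
        return ("des-crypt", 8)
    return ("unknown", None)

def audit(lines, min_len=12):
    """List (user, scheme, limit) for entries that cannot honour min_len chars."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, rest = line.split(":", 1)
        scheme, limit = classify(rest.split(":", 1)[0])
        if scheme == "unknown" or (limit is not None and limit < min_len):
            findings.append((user, scheme, limit))
    return findings

# Constructed sample: hash values are made-up strings of the right shape.
SAMPLE = [
    "alice:abJnggxhB/yWI",
    "bob:$apr1$abcdefgh$0123456789abcdefghijkl",
    "carol:$2y$05$" + "A" * 53,
    "dave:hunter2",
]

if __name__ == "__main__":
    for user, scheme, limit in audit(SAMPLE):
        print(f"{user}: {scheme}, significant chars: {limit}")
```

Accounts it reports as `des-crypt` have at most 8 significant password characters regardless of what the user typed, so they need to be re-hashed with a stronger scheme at the next password change.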

