Squid3 local authentication not authenticating

Cache/Proxy
Log in to reply
  • C

    Hello all. I have been having issues getting local authentication to work in Squid3.

    If I set authentication to none, everything works great.  I can use the proxy, see my remote machine getting succesfull packets in the access and cache logs, and it works great.  So I then decided to setup local authentication.

    I enabled Local authentication, saved the configuration and then went to the users tab and created my user.  I then saved the config again, and restarted the squid service.

    Now, my PC will get the authentication box, and when I enter my credentials, I keep getting prompted.  It doesnt appear that I am getting autenticated using local auth.

    If I do a tail -f on access.log on my pfsense machine here is what I see:
    1424320805.815      4 192.168.1.111 TCP_DENIED/407 3810 CONNECT aus3.mozilla.org:443 cubedroot HIER_NONE/- text/html
    1424320805.815      3 192.168.1.111 TCP_DENIED/407 3775 CONNECT blocklist.addons.mozilla.org:443 cubedroot HIER_NONE/- text/html

    Everytime I enter my credentials, and press enter, I get 2 lines that look like the two above.

    Here's my setup information:
    2.2-RELEASE (amd64)
    built on Thu Jan 22 14:03:54 CST 2015

    Squid 3 package version: 3.4.10_2 pkg 0.2.6

    I have also verified that my username is showing up in the squid.passwd.  Any suggestions?

    0
  • marcelloc

    I've tested local authentication without issues today.

    Try to add your local network on first squid acl.

    Also check cache.log to see if it shows any warning or error.

    0
  • C

    Thanks for the reply.

    Here is what my ACL configuration looks like.  I have my local network on the first ACL:  http://i.imgur.com/WBJiTfA.png

    Here is the last 50 lines of my cache.log:  http://fpaste.org/187850/14243824/

    However, if I do a tail -f on cache.log and access.log and keep it running, and then go to my machine and try to use the proxy, I get prompted for authentication, and as soon as I enter my credentials, the box will pop back up and then I see these entries in the access.log:

    1424382534.663      0 192.168.1.2 TCP_DENIED/407 4071 GET http://google.com/ - HIER_NONE/- text/html
    This line pops up right when the authentication box is displayed

    1424382547.914      4 192.168.1.2 TCP_DENIED/407 4221 GET http://google.com/ cubedroot HIER_NONE/- text/html
    After I enter my credentials and press enter, I get this line.

    Then there are no more entries in the logs. cubedroot is the user I tried to authenticate with.

    I also double checked… If I disabled local authentication, the proxy works great and I see things like this in the logs:
    ==> access.log <==
    1424382661.430    44 192.168.1.2 TCP_MISS/301 665 GET http://google.com/ - HIER_DIRECT/74.205.129.30 text/html
    1424382661.472    39 192.168.1.2 TCP_MISS/302 802 GET http://www.google.com/ - HIER_DIRECT/74.125.196.104 text/html
    1424382661.609    44 192.168.1.2 TCP_MISS/200 871 POST http://clients1.google.com/ocsp - HIER_DIRECT/74.205.129.38 application/ocsp-response

    Nothing in cache.log
    Is there anyway to totally blow away all squid related packages and files and just reinstall?

    0
  • marcelloc

    Did you tried a simple passwork without special characters?

    0
  • C

    NICE! I believe I found the problem.  It looks as if the webform field for the password is truncating everything after 8 characters.  The password I was using had 12 characters.

    I am able to use any password as long as it is 8 characters or below.  If I create a password that has more than 8 characters it wont authenticate.

    For example:
    password of: 12345678  works great.

    Changed password to: 123456789
    Will not authenticate. HOWEVER if I use 12345678 for the password it works.

    To test my thesis, I reset the password to ABCDEFGHI
    Will not authenticate with that password.  But, if i use ABCDEFGH  i am able to authenticate without any issues.

    I am not sure if there is an eight character password limit in the samba.passwd file, or if its a limit in the entry field of the web page for the user.  But, using any string as long as its 8 characters or below in that field works.

    0
  • L

    hi,

    did you find the solution for this issue?

    I have the same problem but if I write a 123456 password it keeps with the same behaviour.

    Rgds
    Luis

    0
  • jimp
    Rebel Alliance Developer Netgate

    Update to the latest squid package. I have put in a fix to properly handle longer passwords.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy