Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid3 local authentication not authenticating

    Scheduled Pinned Locked Moved Cache/Proxy
    7 Posts 4 Posters 5.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      CubedRoot
      last edited by

      Hello all. I have been having issues getting local authentication to work in Squid3.

      If I set authentication to none, everything works great.  I can use the proxy, see my remote machine getting succesfull packets in the access and cache logs, and it works great.  So I then decided to setup local authentication.

      I enabled Local authentication, saved the configuration and then went to the users tab and created my user.  I then saved the config again, and restarted the squid service.

      Now, my PC will get the authentication box, and when I enter my credentials, I keep getting prompted.  It doesnt appear that I am getting autenticated using local auth.

      If I do a tail -f on access.log on my pfsense machine here is what I see:
      1424320805.815      4 192.168.1.111 TCP_DENIED/407 3810 CONNECT aus3.mozilla.org:443 cubedroot HIER_NONE/- text/html
      1424320805.815      3 192.168.1.111 TCP_DENIED/407 3775 CONNECT blocklist.addons.mozilla.org:443 cubedroot HIER_NONE/- text/html

      Everytime I enter my credentials, and press enter, I get 2 lines that look like the two above.

      Here's my setup information:
      2.2-RELEASE (amd64)
      built on Thu Jan 22 14:03:54 CST 2015

      Squid 3 package version: 3.4.10_2 pkg 0.2.6

      I have also verified that my username is showing up in the squid.passwd.  Any suggestions?

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        I've tested local authentication without issues today.

        Try to add your local network on first squid acl.

        Also check cache.log to see if it shows any warning or error.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • C
          CubedRoot
          last edited by

          Thanks for the reply.

          Here is what my ACL configuration looks like.  I have my local network on the first ACL:  http://i.imgur.com/WBJiTfA.png

          Here is the last 50 lines of my cache.log:  http://fpaste.org/187850/14243824/

          However, if I do a tail -f on cache.log and access.log and keep it running, and then go to my machine and try to use the proxy, I get prompted for authentication, and as soon as I enter my credentials, the box will pop back up and then I see these entries in the access.log:

          1424382534.663      0 192.168.1.2 TCP_DENIED/407 4071 GET http://google.com/ - HIER_NONE/- text/html
          This line pops up right when the authentication box is displayed

          1424382547.914      4 192.168.1.2 TCP_DENIED/407 4221 GET http://google.com/ cubedroot HIER_NONE/- text/html
          After I enter my credentials and press enter, I get this line.

          Then there are no more entries in the logs. cubedroot is the user I tried to authenticate with.

          I also double checked… If I disabled local authentication, the proxy works great and I see things like this in the logs:
          ==> access.log <==
          1424382661.430    44 192.168.1.2 TCP_MISS/301 665 GET http://google.com/ - HIER_DIRECT/74.205.129.30 text/html
          1424382661.472    39 192.168.1.2 TCP_MISS/302 802 GET http://www.google.com/ - HIER_DIRECT/74.125.196.104 text/html
          1424382661.609    44 192.168.1.2 TCP_MISS/200 871 POST http://clients1.google.com/ocsp - HIER_DIRECT/74.205.129.38 application/ocsp-response

          Nothing in cache.log
          Is there anyway to totally blow away all squid related packages and files and just reinstall?

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            Did you tried a simple passwork without special characters?

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • C
              CubedRoot
              last edited by

              NICE! I believe I found the problem.  It looks as if the webform field for the password is truncating everything after 8 characters.  The password I was using had 12 characters.

              I am able to use any password as long as it is 8 characters or below.  If I create a password that has more than 8 characters it wont authenticate.

              For example:
              password of: 12345678  works great.

              Changed password to: 123456789
              Will not authenticate. HOWEVER if I use 12345678 for the password it works.

              To test my thesis, I reset the password to ABCDEFGHI
              Will not authenticate with that password.  But, if i use ABCDEFGH  i am able to authenticate without any issues.

              I am not sure if there is an eight character password limit in the samba.passwd file, or if its a limit in the entry field of the web page for the user.  But, using any string as long as its 8 characters or below in that field works.

              1 Reply Last reply Reply Quote 0
              • L
                lgalford
                last edited by

                hi,

                did you find the solution for this issue?

                I have the same problem but if I write a 123456 password it keeps with the same behaviour.

                Rgds
                Luis

                1 Reply Last reply Reply Quote 0
                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  Update to the latest squid package. I have put in a fix to properly handle longer passwords.

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.