Probably the password fails to validate.
Can you (as the user Squid runs as, not root) run
/usr/sbin/squid_pam_auth and sucessfully validate the password?
The problem discussed was another one, not involving authentication.
-- Henrik Nordstrom Squid hacker Dustin Butler wrote: > > I can't seem to find why I'm getting TCP_DENIED/407 messages in access.log. > Whenever I comment out the http_access allow all line in the following > squid.conf file I will get all TCP_DENIED on every request. The > squid_pam_auth program is working at I can authenticate properly from the > shell using it. I found one thread talking about this problem and that a > solution was not found (included), I'm wondering is there is anymore > information on this. I'm running squid-2.2.STABLE4-8 > > squid.conf > ---------- > store_avg_object_size 6 KB > authenticate_program /usr/sbin/squid_pam_auth > authenticate_children 2 > authenticate_ttl 30 > positive_dns_ttl 120 seconds > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl localnet src 192.108.0.0/255.255.0.0 > acl password proxy_auth REQUIRED > acl SSL_ports port 443 563 > acl Safe_ports port 80 88 89 21 443 563 70 210 1025-65535 > acl CONNECT method CONNECT > > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access allow localhost > #http_access allow all > http_access allow localnet password > > http_access deny all > icp_access deny all > miss_access allow all > proxy_auth_realm web proxy-cache > logfile_rotate 10 > > access.log > ---------- > 980881595.764 937 192.108.0.221 TCP_DENIED/407 1411 GET > http://my.yahoo.com/ fcupersmith NONE/- - > 980881603.103 1009 192.108.0.221 TCP_DENIED/407 1516 GET > http://dezigns4u.com/forums/LOCKER_ROOM/posts/1493.html fcupersmith NONE/- - > 980881603.984 876 192.108.0.221 TCP_DENIED/407 1516 GET > http://dezigns4u.com/forums/LOCKER_ROOM/posts/1493.html fcupersmith NONE/- - > 980881652.043 1280 192.108.0.221 TCP_DENIED/407 1411 GET > http://my.yahoo.com/ fcupersmith NONE/- - > > Nate Cull wrote: > > > > Running a virgin Red Hat 7.0 server as a Squid proxy box > > (squid-2.3STABLE4-1 rpm) with an ACL inclusion list (ie, > > it will only allow connections to a specified list of sites) > > we're getting an odd intermittent problem. At random times > > during the day (this seems to happen every couple of weeks), > > squid will suddenly fall into a state where it rejects EVERY > > http request sent to it (not just ones sent to unauthorised > > sites). We can see this in the logs; suddenly every line becomes > > a TCP_DENIED inst > > Seen it in Squid-2.2.STABLE5-hno from time to time, but have not been > able to isolate the cause. For me the some src type ACLs ceased to > function from time to time. > > acl localhost src 127.0.0.1/32 > > I cannot remember seeing any changes in Squid which has smelled like > possibly fixing this issue, so I guess the problem is still there > somewhere. > > -- > Henrik Nordstrom > Squid hacker > > -- > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Tue Jan 30 2001 - 15:04:52 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:39 MST