incomplete download ie - squid

[Didieb Ajibaskoro]

hi,

Recentl My squid server had a problem with some clients.
The clients uses win 2k and xp. i´ve tried using ie 5.5 & 6, the problem still exist.
Some clients are unable to access images from websites, or their browsers stalls (keep on loading. if i pressed stop the image is partially done.
I use squid-2.5.STABLE3 with ntlm auth to a samba server.

I´ve tried squidclient and ntlm_auth to manually auth the users, and that´s not seems the problem, they were both ok
# /usr/bin/ntlm_auth --username=joe
password:
NT_STATUS_OK: Success (0x0)
# wbinfo -t
checking the trust secret via RPC calls succeeded
# wbinfo -a SOMEDOM\\joe%secret
plaintext password authentication succeeded
challenge/response password authentication succeeded

and since the users are able to use the proxy normally through other computer, i dont think auth was the problem.


Here´s some details:
# squid -v
Squid Cache: Version 2.5.STABLE3
configure options:  i386-redhat-linux --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --exec_prefix=/usr --bindir=/usr/sbin --libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid --enable-poll --enable-snmp --enable-removal-policies=heap,lru --enable-storeio=aufs,coss,diskd,null,ufs --enable-ssl --with-openssl=/usr/kerberos --enable-delay-pools --enable-linux-netfilter --with-pthreads --enable-basic-auth-helpers=LDAP,NCSA,PAM,SMB,SASL,MSNT --enable-ntlm-auth-helpers=SMB,winbind --enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group,winbind_group --enable-auth=basic,ntlm --with-winbind-auth-challenge --enable-useragent-log --enable-referer-log

/etc/squid/squid.conf
ttp_port 10.201.1.2:3128
cache_peer localhost parent 8080 7 default no-query
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/spool/squid 20000 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
debug_options ALL,1
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 80
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 50
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
authenticate_ip_ttl 3600 seconds
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
half_closed_clients off
acl password proxy_auth "/etc/squid/internet_people" REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl pornsite url_regex "/etc/squid/pornsite"
acl nopornsite url_regex "/etc/squid/nopornsite"
acl trusted_network src 10.201.1.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl CONNECT method CONNECT
http_access allow manager trusted_network
http_access deny manager
http_access allow password
http_access allow nopornsite
http_access deny pornsite
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname proxy.foo.com
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
memory_pools on
memory_pools_limit 90 MB
forwarded_for on
cachemgr_passwd dodol all
store_avg_object_size 8 KB
acl wupdateserver dstdomain windowsupdate.microsoft.com
always_direct allow wupdateserver
coredump_dir /var/spool/squid


Regards,