[squid-users] Fwd: Problems with NTLM authentication
Eliezer Croitoru
eliezer at ngtech.co.il
Mon Oct 13 20:46:14 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/07/2014 09:50 PM, Marcel wrote:
> Hello,
>
> I have some more information. The problem seems to have nothing to
> do with samba, krb5 or anything else. I set up a new squid that
> isn't in the AD and doesn't use any kind of authentication at all.
>
> I have the exact same problem. Here is my POC squid.conf:
>
> acl localnet src all http_access allow all http_port 3128
>
>
> That is the entire configuration in my tests. As you can see, it
> is absolutely impossible for it to be a configuration issue.
>
> Why can't I log on to a NTLM protected website with Internet
> Explorer when going over a squid proxy?
>
> It works fine in Firefox.
Hey Marcel,
Since it works on 3.4.8 and it doesn't work on 3.3 or 3.2 the basic
step would be to take a look at the packets\sessions to see what is
different between firefox and ie while only then compare newer
versions of squid to older.
NTLM should work in a the basic path:
1 - request
2 - 407 response
3 - negotiation
4 - new request with auth details
What have verified until now in the session\packets level?
Eliezer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJUPDoWAAoJENxnfXtQ8ZQU/BYH/0iEE/+lDd+SiubNNcavmvXz
bPRAMtXSK64OehMYZwH1mnCIvUylPW3Vjv3cMjrh4uJIPIn7/WdwudniuNoxzSk7
PZEtkZYD9ZL68ns55yU7mDdDoudzRkkveplNvvmhB42Pq1OX9Nq1trPJUnfhvGJZ
iuVvE25ZIKqVNMJN+Dp9e0M6FZZ85ZVwyz2AlGI4GAnD/sIqJOKLSp/aQYgyGvYt
rE+cNQb0nypyMjc1c5uoDVB2AFh3nN5H9HMiG+S6vRdRxXMEm6d0hO6x54ZzvEYy
WBpU+CDMjcA/6aCUwx4irFEuFBKpy9ni7a01es3B1Tn5NoDyJW8bJz2F5WGbhVw=
=nyav
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list