[squid-users] Authentication problem

Amos Jeffries squid3 at treenet.co.nz
Tue Nov 1 02:32:36 UTC 2016

On 1/11/2016 6:31 a.m., Eduardo Carneiro wrote:
> Hi all.
> I have a strange authentication issue in my squid 3.5.19. My workstations
> only can authenticate if they are entered into the domain. When they doesn't
> entered into the domain, I access any URL on browser (Firefox and Chrome
> tested) and I'm not able authenticate on the boxes that are shown to me.
> Squid logs show me "TCP_DENIED/407".

Meaning either no credentials were give, or the ones given would not
work, or the NTLM handshake initial request happened.

> Bellow is my squid.conf authentication configuration:
> ---
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 140
> auth_param ntlm keep_alive on

Try with "keep_alive off" on the above line. It may prevent recent
Browsers using the Basic auth when NTLM fails (which it will for
off-domain users).


More information about the squid-users mailing list