[squid-users] microsoft edge and proxy auth not working

Rietzler, Markus (RZF, Aufg 324 / <RIETZLER_SOFTWARE>) markus.rietzler at fv.nrw.de
Fri Mar 10 09:50:02 UTC 2017 

we have tried with "auth_param ntlm keep_alive off", but both with on/off it does not make a difference.
seems realy to be connected to patch level and installed patches on windows 10.


> -----Ursprüngliche Nachricht-----
> Von: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] Im
> Auftrag von Amos Jeffries
> Gesendet: Donnerstag, 9. März 2017 17:12
> An: squid-users at lists.squid-cache.org
> Betreff: Re: [squid-users] microsoft edge and proxy auth not working
> 
> On 8/03/2017 11:28 p.m., Rietzler, Markus (RZF, Aufg 324 /
> <RIETZLER_SOFTWARE>) wrote:
> > i should add that we are using squid 3.5.24.
> >
> 
> Try with "auth_param ntlm keep_alive off". Recently the browsers have
> been needing that.
> 
> Though frankly I am surprised if Edge supports NTLM at all. It was
> deprecated in April 2006 and MS announced removal was being actively
> pushed in all thier software since Win7.
> 
> >
> >> -----Ursprüngliche Nachricht-----
> >> Von: Rietzler, Markus
> >>
> >> we have some windows 10 clients using microsoft edge browser.
> >> access to internet is only allowed for authenticated users. we are
> using
> >> samba/winbind auth
> >>
> >> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-
> 2.5-
> >> ntlmssp
> >> auth_param ntlm children 64 startup=24 idle=12
> >> auth_param ntlm keep_alive on
> >> acl auth_user proxy_auth REQUIRED
> >>
> >> on windows 10 clients with IE11 it is working (with ntlm automatic
> auth)
> >> on the same machine, with Microsoft edge I get TCP_Denied/407
> message.
> >> seems I only get one single TCP_DENIED/407 line in accesslog and an
> auth
> >> dialog pops up. I have disabled basic auth via ntlm.
> >> shouldn't there be 3 lines for proxy auth? with IE11 I see those
> three
> >> lines (2x TCP_DENIED/407 and 1x TCP_MISS/200), no popup at all.
> 
> Not specifically. There should be 1+ for NTLM. Success with NTLM shows
> 2+. Failure shows 1 or 3 or infinite loop (hello Safari and Firefox 30-
> ish).
> 
> 
> >>
> >> winbind/samba itself seems to work, as I can do an user auth against
> >> apache with winbind/samba - even over some squid proxies with
> >> connection-auth allowed. but not for proxy-auth.
> >> is there any option in squid.conf which prevents Edge to do a
> successful
> >> auth?
> 
> If other software succeeds then the only thing that might be related is
> the keep-alive option mentioned above. Otherwise the problem is in Edge
> itself.
> 
> Amos
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list