<div dir="ltr"><div><div><div>Hello,<br><br></div>I unfortunately got no further response. Through experimentation I discovered that this issue is magically gone in the more current versions of Squid, for example in 3.4.8.<br><br></div>So far, so good. Now I have discovered that CPU usage (when using ntlm_auth) is pegged at 100%, rendering the server useless.<br><br></div>Rock : hard place.<br><div class="gmail_extra"><br><div class="gmail_quote">On 7 October 2014 21:25, Marcel <span dir="ltr"><<a href="mailto:lord.tek@gmail.com" target="_blank">lord.tek@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Hello,<br><br></div>thank you for your input. Unfortunately I have to disagree with you because of two reasons:<br><br></div>1. That option is already enabled<br></div>2. The NTLM authentication works fine in Internet Explorer without Squid. It only breaks when going through Squid.<br><br></div>I'd be very happy for further suggestions.<br><br><br></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On 7 October 2014 21:19, Brendan Kearney <span dir="ltr"><<a href="mailto:bpk678@gmail.com" target="_blank">bpk678@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>On Tue, 2014-10-07 at 20:50 +0200, Marcel wrote:<br>
> Hello,<br>
><br>
> I have some more information.<br>
><br>
> The problem seems to have nothing to do with samba, krb5 or anything<br>
> else. I set up a new squid that isn't in the AD and doesn't use any<br>
> kind of authentication at all.<br>
><br>
><br>
> I have the exact same problem. Here is my POC squid.conf:<br>
><br>
> acl localnet src all<br>
> http_access allow all<br>
> http_port 3128<br>
><br>
><br>
><br>
> That is the entire configuration in my tests. As you can see, it is<br>
> absolutely impossible for it to be a configuration issue.<br>
><br>
> Why can't I log on to a NTLM protected website with Internet Explorer<br>
> when going over a squid proxy?<br>
><br>
><br>
> It works fine in Firefox.<br>
><br>
><br>
><br>
> ---------- Forwarded message ----------<br>
> From: foggle <<a href="mailto:lord.tek@gmail.com" target="_blank">lord.tek@gmail.com</a>><br>
> Date: 7 October 2014 18:10<br>
> Subject: [squid-users] Problems with NTLM authentication<br>
> To: <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
><br>
><br>
> Hello,<br>
><br>
> I have set up a squid Proxy that uses samba/ntlm/krb5 to do SSO AD<br>
> authentication in the Company.<br>
><br>
><br>
> This works fine.<br>
><br>
> My problem is that external Websites on the Internet that use NTLM<br>
> authentication of their own do not work. My users enter their Details<br>
> (DOMAIN\user and Password) and receive authentication failures<br>
> Messages.<br>
><br>
> Interestingly enough, this (almost) only occurs in Internet Explorer.<br>
> The<br>
> same sites work fine with Firefox.<br>
><br>
> Thank you in advance for your much needed help.<br>
><br>
><br>
><br>
> --<br>
> View this message in context:<br>
> <a href="http://squid-web-proxy-cache.1019090.n4.nabble.com/Problems-with-NTLM-authentication-tp4667742.html" target="_blank">http://squid-web-proxy-cache.1019090.n4.nabble.com/Problems-with-NTLM-authentication-tp4667742.html</a><br>
> Sent from the Squid - Users mailing list archive at Nabble.com.<br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
> <a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
><br>
><br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
> <a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
<br>
</div></div>not something that squid would be affecting, as squid has nothing to do<br>
with the auth to the website.<br>
<br>
Tools -> Internet Options -> Advanced tab: scroll down until you<br>
Security. Under Security, check the "Enable Integrated Windows<br>
Authentication*" check box, and restart your browser.<br>
<br>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div></div>