<div dir="ltr">Hi Amos and Dima,<div><br></div><div>I'm having the exact same problem. After updating Chrome to version (<span style="color:rgb(48,57,66);font-family:'Segoe UI',Tahoma,sans-serif;font-size:12px">47.0.2526.73 m</span>) I'm no longer able to authenticate. IE and Firefox still seem to work fine. I haven't changed anything in my config file for months.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Dec 4, 2015 at 5:22 AM, Dima Ermakov <span dir="ltr"><<a href="mailto:demonihin@gmail.com" target="_blank">demonihin@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div><div><div><div>Thank you, Amos.<br><br></div>I checked all, that you wrote.<br></div>It didn't help me.<br><br></div>I have this problem only on google chrome browser. <br></div>Before 2015-12-03 all was good.<br></div>I didn't change my configuration more than one month.<br><br></div>Ten minutes ago<span name="Noel Kelly"> "Noel Kelly</span> <span><a href="mailto:nkelly@citrusnetworks.net" target="_blank">nkelly@citrusnetworks.net</a>" wrote in this list, that google chrome v47 has broken NTLM authentication.<br></span></div><span>My clients with problems has google chrome v47 (((<br><br></span></div><div><span>Mozilla Firefox clients work good.<br><br></span></div><div><span>Thank you!<br></span></div><div><span><br></span></div><span>This is message from Noel Kelly:<br>"<br></span><br>Hi<br>
<br>
For information, the latest version of Google Chrome (v47.0.2526.73M) has broken NTLM authentication:<br>
<br>
<a href="https://code.google.com/p/chromium/issues/detail?id=544255" rel="noreferrer" target="_blank">https://code.google.com/p/chromium/issues/detail?id=544255</a><br>
<a href="https://productforums.google.com/forum/#%21topic/chrome/G_9eXH9c_ns;context-place=forum/chrome" rel="noreferrer" target="_blank">https://productforums.google.com/forum/#!topic/chrome/G_9eXH9c_ns;context-place=forum/chrome</a><br>
<br>
Cheers<span class=""><br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br><br>"<br></span></div><div class="gmail_extra"><div><div class="h5"><br><div class="gmail_quote">On 4 December 2015 at 04:55, Amos Jeffries <span dir="ltr"><<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On 4/12/2015 9:46 a.m., Dima Ermakov wrote:<br>
> Hi!<br>
> I have a problem with authentiation.<br>
><br>
> I use samba ntlm authentication in my network.<br>
><br>
> Some users ( not all ) have problems with http traffic.<br>
><br>
> They see basic authentication request.<br>
<br>
</span>Meaning you *dont* have NTLM authentication on your network.<br>
<br>
Or you are making the mistake of thinking a popup means Basic<br>
authentication.<br>
<span><br>
> If they enter correct domain login and password, they have auth error.<br>
> If this users try to open https sites: all works good, they have not any<br>
> type of errors.<br>
<br>
</span>So,<br>
a) they are probably not going through this proxy, or<br>
b) the browser is suppressing the proxy-auth popups, or<br>
c) the authentication request is not coming from *your* proxy.<br>
<span><br>
><br>
> So we have errors only with unencrypted connections.<br>
><br>
> I have this error on two servers:<br>
> debian8, squid3.4 (from repository)<br>
> CentOS7, squid3.3.8 (from repository).<br>
><br>
<br>
</span>Two things to try:<br>
<br>
1) Adding a line like this before the group access controls in<br>
frntend.conf. This will ensure that authentiation credentials are valid<br>
before doing group lookups:<br>
http_access deny !AuthorizedUsers<br>
<br>
<br>
2) checking up on the Debian winbind issue mentioned in<br>
<<a href="http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm#winbind_privileged_pipe_permissions" rel="noreferrer" target="_blank">http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm#winbind_privileged_pipe_permissions</a>><br>
<br>
Im not sure about this it is likely to be involved on Debian, but CentOS<br>
is not known to have that issue.<br>
<br>
<br>
Oh and:<br>
3) remove the "acl manager" line from squid.conf.<br>
<br>
4) change your cachemgr_passwd. Commenting it out does not hide it from<br>
view when you post it on this public mailing list.<br>
<br>
You should remove all the commented out directives as well, some of them<br>
may be leading to misunderstanding of what the config is actually doing.<br>
<br>
<br>
Amos<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote></div><br><br clear="all"><br></div></div><span class="">-- <br><div><div dir="ltr">С уважением, Дмитрий Ермаков.<br></div></div>
</span></div>
<br>_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><font face="arial, helvetica, sans-serif" size="2">Samuel Anderson | System Administrator | International Document Services</font><div><font face="arial, helvetica, sans-serif" size="2"><br></font></div><div><font face="arial, helvetica, sans-serif" size="2">IDS | 11629 South 700 East, Suite 200 | Draper, UT 84020-4607</font></div><div style="text-align:right"><img src="http://nationalmortgageprofessional.com/sites/default/files/images/IDS_Logo_03_12.topstoryimage.jpg" width="96" height="88"><br></div></div></div></div></div>
</div>
<br>
<div style="font-family:Arial,Helvetica,sans-serif"><font face="Arial, Helvetica, sans-serif" size="4">CONFIDENTIALITY NOTICE:</font></div><div style="font-family:Arial,Helvetica,sans-serif"><font size="4"><font face="Arial, Helvetica, sans-serif" style="font-family:Arial,Helvetica,sans-serif">This e-mail and any attachments are confidential. If you are not an intended recipient, please contact the sender to report the error and delete all copies of this message from your system. </font><font face="Arial, Helvetica, sans-serif">Any unauthorized review, use, disclosure or distribution is prohibited</font><font face="Arial, Helvetica, sans-serif">.</font></font></div>