[squid-users] microsoft edge and proxy auth not working
Amos Jeffries
squid3 at treenet.co.nz
Thu Mar 9 16:12:04 UTC 2017
On 8/03/2017 11:28 p.m., Rietzler, Markus (RZF, Aufg 324 /
<RIETZLER_SOFTWARE>) wrote:
> i should add that we are using squid 3.5.24.
>
Try with "auth_param ntlm keep_alive off". Recently the browsers have
been needing that.
Though frankly I am surprised if Edge supports NTLM at all. It was
deprecated in April 2006 and MS announced removal was being actively
pushed in all thier software since Win7.
>
>> -----Ursprüngliche Nachricht-----
>> Von: Rietzler, Markus
>>
>> we have some windows 10 clients using microsoft edge browser.
>> access to internet is only allowed for authenticated users. we are using
>> samba/winbind auth
>>
>> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-
>> ntlmssp
>> auth_param ntlm children 64 startup=24 idle=12
>> auth_param ntlm keep_alive on
>> acl auth_user proxy_auth REQUIRED
>>
>> on windows 10 clients with IE11 it is working (with ntlm automatic auth)
>> on the same machine, with Microsoft edge I get TCP_Denied/407 message.
>> seems I only get one single TCP_DENIED/407 line in accesslog and an auth
>> dialog pops up. I have disabled basic auth via ntlm.
>> shouldn't there be 3 lines for proxy auth? with IE11 I see those three
>> lines (2x TCP_DENIED/407 and 1x TCP_MISS/200), no popup at all.
Not specifically. There should be 1+ for NTLM. Success with NTLM shows
2+. Failure shows 1 or 3 or infinite loop (hello Safari and Firefox 30-ish).
>>
>> winbind/samba itself seems to work, as I can do an user auth against
>> apache with winbind/samba - even over some squid proxies with
>> connection-auth allowed. but not for proxy-auth.
>> is there any option in squid.conf which prevents Edge to do a successful
>> auth?
If other software succeeds then the only thing that might be related is
the keep-alive option mentioned above. Otherwise the problem is in Edge
itself.
Amos
More information about the squid-users
mailing list