Hi all,
I've been testing the behavior of Challenge/Response today with
cache peers. the versions etc are not relevant as I have Challenge/Response
and BASIC working fine if I point directly to the unit. Below is a makeshift
diagram of how I've set this up now:
---------
| squid |
| NTLM | ----> Windows 2003
---------
|
/ \
peer1 -- peer2
\ /
\ /
main cache
I point to "main cache", which has two parents which are the only routes
(never_direct + always_direct) - login=PASS is on my peer lines. On those
two I have setup each of them as siblings with login=PASS, and a parent of
the squid NTLM authenticating unit (which works fine if I point direct),
also with login=PASS.
The behavior I see is that if I'm using the auth box, I have to login (with
basic) with DOMAIN\user (and challenge response works). If I go through the
peers I have to login with only the user - if I add the domain it doesn't
work at _all_. When I try challenge response it naturally doesn't work as
the username gets passed with no domain...
Is the fix for this as simple as it seems? Or is the problem more
complicated. I'd really like to get this working...
Any suggestions?
Thanks
Dave
