Mace.Scott@xxxxxxxxxxxxxxxxxxx wrote on 08/02/2005 08:35:14 AM: > Mace.Scott@xxxxxxxxxxxxxxxxxxx wrote on 08/01/2005 02:54:42 PM: > > > Having a problem with certain sites that require authentication. Instead > > > of the window popping up with the fields to populate username and > > password, the url goes directly to a failed authentication page. I'm > > using Squid 2.5.STABLE3 with the x_forwarded_for, follow_x_forwarded_for > > > patch. I've looked through the archives, and can't seem to find > anything > > relevant. > > > > Is it not processing the WWW-Authenticate header properly? Thanks for > any > > > > assistance. > > > > OK, it looks like I'm making some progress in at least identifying where the error is. Apparently the site is returning WWW-Authenticate: NTLM headers and squid is not passing it on to the client. I looked through bugzilla, and it looks like all the bugs related to NTLM are for clients authenticating to squid, not to external web sites. What am I missing? Are the developers monitoring this list? I ran squid -k debug, and here is some output of that: 2005/08/02 11:04:48| init-ing hdr: 0x9971d24 owner: 2 2005/08/02 11:04:48| 0x9971d24 lookup for 37 2005/08/02 11:04:48| 0x9971d24 lookup for 9 2005/08/02 11:04:48| 0x9971d24 lookup for 21 2005/08/02 11:04:48| parsing hdr: (0x9971d24) WWW-Authenticate: NTLM Content-Length: 644 Content-Type: text/html 2005/08/02 11:04:48| creating entry 0x996fe18: near 'WWW-Authenticate: NTLM' 2005/08/02 11:04:48| created entry 0x996fe18: 'WWW-Authenticate: NTLM' 2005/08/02 11:04:48| 0x9971d24 adding entry: 52 at 0 2005/08/02 11:04:48| creating entry 0x996fd28: near 'Content-Length: 644' 2005/08/02 11:04:48| created entry 0x996fd28: 'Content-Length: 644' 2005/08/02 11:04:48| 0x9971d24 adding entry: 13 at 1 2005/08/02 11:04:48| creating entry 0x996fce8: near 'Content-Type: text/html' 2005/08/02 11:04:48| created entry 0x996fce8: 'Content-Type: text/html' 2005/08/02 11:04:48| 0x9971d24 adding entry: 17 at 2 2005/08/02 11:04:48| 0x9971d24 lookup for 37 2005/08/02 11:04:48| 0x9971d24 lookup for 9 2005/08/02 11:04:48| 0x9971d24 lookup for 21 2005/08/02 11:04:48| 0x9971d24 del-by-id 37 2005/08/02 11:04:48| deleting 'Keep-Alive' fields in hdr 0x9971d24 2005/08/02 11:04:48| 0x9971d24 lookup for 9 2005/08/02 11:04:48| 0x9971d24 lookup for 52 2005/08/02 11:04:48| destroying entry 0x996fe18: 'WWW-Authenticate: NTLM' 2005/08/02 11:04:48| created entry 0x996fe18: 'X-Cache: MISS from proxy02.ta.com' 2005/08/02 11:04:48| 0x9971d24 adding entry: 54 at 3 2005/08/02 11:04:48| created entry 0x996fca8: 'Proxy-Connection: keep-alive' 2005/08/02 11:04:48| 0x9971d24 adding entry: 37 at 4 2005/08/02 11:04:48| aclCheckFast: list: (nil) 2005/08/02 11:04:48| aclCheckFast: no matches, returning: 1 2005/08/02 11:04:48| cbdataFree: 0x996d6c0 2005/08/02 11:04:48| cbdataFree: Freeing 0x996d6c0 2005/08/02 11:04:48| aclCheckFast: list: (nil) 2005/08/02 11:04:48| aclCheckFast: no matches, returning: 1 2005/08/02 11:04:48| cbdataFree: 0x996d6c0 2005/08/02 11:04:48| cbdataFree: Freeing 0x996d6c0 2005/08/02 11:04:48| aclCheckFast: list: (nil) 2005/08/02 11:04:48| aclCheckFast: no matches, returning: 1 2005/08/02 11:04:48| cbdataFree: 0x996d6c0 2005/08/02 11:04:48| cbdataFree: Freeing 0x996d6c0 2005/08/02 11:04:48| aclCheckFast: list: (nil) 2005/08/02 11:04:48| aclCheckFast: no matches, returning: 1 2005/08/02 11:04:48| cbdataFree: 0x996d6c0 2005/08/02 11:04:48| cbdataFree: Freeing 0x996d6c0 2005/08/02 11:04:48| cbdataLock: 0x96995d8 2005/08/02 11:04:48| cbdataLock: 0x996c010 2005/08/02 11:04:48| aclCheckFast: list: 0x96995d8 2005/08/02 11:04:48| aclMatchAclList: checking all 2005/08/02 11:04:48| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0' 2005/08/02 11:04:48| aclMatchIp: '127.0.0.1' found 2005/08/02 11:04:48| aclMatchAclList: returning 1 2005/08/02 11:04:48| httpReplyBodyBuildSize: Setting maxBodySize to 0 2005/08/02 11:04:48| cbdataUnlock: 0x996c010 2005/08/02 11:04:48| cbdataUnlock: 0x96995d8 2005/08/02 11:04:48| cbdataFree: 0x996d6c0 2005/08/02 11:04:48| cbdataFree: Freeing 0x996d6c0 2005/08/02 11:04:48| clientSendMoreData: Appending 644 bytes after 100 bytes of headers 2005/08/02 11:04:48| cbdataLock: 0x969b940 2005/08/02 11:04:48| cbdataLock: 0x996c010 2005/08/02 11:04:48| aclCheckFast: list: 0x969b940 2005/08/02 11:04:48| aclMatchAclList: checking all 2005/08/02 11:04:48| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0' 2005/08/02 11:04:48| aclMatchIp: '127.0.0.1' found 2005/08/02 11:04:48| aclMatchAclList: returning 1 2005/08/02 11:04:48| cbdataUnlock: 0x996c010 2005/08/02 11:04:48| cbdataUnlock: 0x969b940 2005/08/02 11:04:48| cbdataFree: 0x996d6c0 2005/08/02 11:04:48| cbdataFree: Freeing 0x996d6c0 2005/08/02 11:04:48| The reply for GET http://www.deerfieldconstruction.com/Clients/Travel%20Centers/AshlandOH/TCA_Ashland.htm is ALLOWED, because it matched 'all' 2005/08/02 11:04:48| packing sline 0x9971d14 using 0xbfff7a20: 2005/08/02 11:04:48| HTTP/1.0 401 Unauthorized 2005/08/02 11:04:48| packing hdr: (0x9971d24) 2005/08/02 11:04:48| destroying rep: 0x9971ce8 2005/08/02 11:04:48| cleaning hdr: 0x9971d24 owner: 2 2005/08/02 11:04:48| destroying entry 0x996fd28: 'Content-Length: 644' 2005/08/02 11:04:48| destroying entry 0x996fce8: 'Content-Type: text/html' 2005/08/02 11:04:48| destroying entry 0x996fe18: 'X-Cache: MISS from proxy02.ta.com' 2005/08/02 11:04:48| destroying entry 0x996fca8: 'Proxy-Connection: keep-alive' 2005/08/02 11:04:48| comm_write: FD 10: sz 784: hndl 0xd6ce4b: data 0x996d3d0. 2005/08/02 11:04:48| cbdataLock: 0x996d3d0 2005/08/02 11:04:48| commSetSelect: FD 10 type 2 2005/08/02 11:04:48| cbdataUnlock: 0x996dc38 2005/08/02 11:04:48| storeSwapOut: http://www.deerfieldconstruction.com/Clients/Travel%20Centers/AshlandOH/TCA_Ashland.htm 2005/08/02 11:04:48| storeSwapOut: store_status = STORE_PENDING 2005/08/02 11:04:48| storeSwapOut: mem->inmem_lo = 0 2005/08/02 11:04:48| storeSwapOut: mem->inmem_hi = 744 2005/08/02 11:04:48| storeSwapOut: swapout.queue_offset = 0 2005/08/02 11:04:48| storeSwapOut: lowest_offset = 0 2005/08/02 11:04:48| httpPconnTransferDone: FD 13 2005/08/02 11:04:48| httpPconnTransferDone: content_length=644 2005/08/02 11:04:48| commSetTimeout: FD 13 timeout -1 2005/08/02 11:04:48| commSetSelect: FD 13 type 1 2005/08/02 11:04:48| comm_remove_close_handler: FD 13, handler=0xd8fd6c, data=0x996f240 2005/08/02 11:04:48| cbdataUnlock: 0x996f240 2005/08/02 11:04:48| fwdUnregister: http://www.deerfieldconstruction.com/Clients/Travel%20Centers/AshlandOH/TCA_Ashland.htm
