Search squid archive

Re: Problems with password authenticationed site

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tony wrote:

Users are trying to access http://sms.warnerleach.co.uk which resolves to
212.50.183.91 but the page is failing with:

#####
You are not authorized to view this page You do not have permission to view this directory or page using the
credentials you supplied.
######

What you should get is a popup username/password box, which happens when you
don't go via Squid. I've tested this on 2 different Squid servers and get
the same problem.

Other sites that have a popup username/password box work fine.
I can't see anything in the logs that looks out of place.

Below is a TCPDUMP of the request.

###########################

# tcpdump -i eth0 host sms.warnerleach.co.uk
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:14:52.530883 IP 192.168.0.44.35562 > 212.50.183.91.http: S
1116476814:1116476814(0) win 5840 <mss 1460,sackOK,timestamp 877066833
0,nop,wscale 2>
18:14:52.537448 IP 212.50.183.91.http > 192.168.0.44.35562: S
3742409619:3742409619(0) ack 1116476815 win 17520 <mss 1460,nop,wscale
0,nop,nop,timestamp 0 0,nop,nop,sackOK>
18:14:52.537502 IP 192.168.0.44.35562 > 212.50.183.91.http: . ack 1 win 1460
<nop,nop,timestamp 877066840 0>
18:14:52.537980 IP 192.168.0.44.35562 > 212.50.183.91.http: P 1:335(334) ack
1 win 1460 <nop,nop,timestamp 877066841 0>
18:14:52.547872 IP 212.50.183.91.http > 192.168.0.44.35562: . 1:1449(1448)
ack 335 win 17186 <nop,nop,timestamp 7218528 877066841>
18:14:52.547953 IP 192.168.0.44.35562 > 212.50.183.91.http: . ack 1449 win
2184 <nop,nop,timestamp 877066851 7218528>
18:14:52.547996 IP 212.50.183.91.http > 192.168.0.44.35562: .
1449:2897(1448) ack 335 win 17186 <nop,nop,timestamp 7218528 877066841>
18:14:52.548017 IP 192.168.0.44.35562 > 212.50.183.91.http: . ack 2897 win
2908 <nop,nop,timestamp 877066851 7218528>
18:14:52.548022 IP 212.50.183.91.http > 192.168.0.44.35562: . 2897:2921(24)
ack 335 win 17186 <nop,nop,timestamp 7218528 877066841>
18:14:52.548035 IP 192.168.0.44.35562 > 212.50.183.91.http: . ack 2921 win
2908 <nop,nop,timestamp 877066851 7218528>
18:14:52.556413 IP 212.50.183.91.http > 192.168.0.44.35562: .
2921:4369(1448) ack 335 win 17186 <nop,nop,timestamp 7218528 877066851>
18:14:52.556438 IP 192.168.0.44.35562 > 212.50.183.91.http: . ack 4369 win
3632 <nop,nop,timestamp 877066859 7218528>
18:14:52.556443 IP 212.50.183.91.http > 192.168.0.44.35562: FP
4369:4626(257) ack 335 win 17186 <nop,nop,timestamp 7218528 877066851>
18:14:52.556707 IP 192.168.0.44.35562 > 212.50.183.91.http: F 335:335(0) ack
4627 win 3632 <nop,nop,timestamp 877066860 7218528>
18:14:52.563037 IP 212.50.183.91.http > 192.168.0.44.35562: . ack 336 win
17186 <nop,nop,timestamp 7218528 877066860>

###########################

Thanks Tony
The site in question is using NTLM authentication which violates the HTTP standards. See http://www.squid-cache.org/mail-archive/squid-dev/200304/0115.html and http://support.microsoft.com/default.aspx?scid=kb;en-us;264921#E0QB0ACAAA (the Windows NT Challenge/Response section) for more information.

Chris

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux