mån 2007-06-25 klockan 17:47 +0200 skrev Joerg Schuetter: > Browsing the Internet is only permitted after athenticating (NTLM > w/ ADS). This will run undetected by most users since this part is > done by the client. > After upgrading our system to debian Etch (squid=2.6.5-6, > winbind=3.0.24-6etch4, samba=3.0.24-6etch4) we started having > some problems (I'll use separate mails for each problem). > > When our users try to connect to > https://keylink.ubs.com/keylink.ubs.com/client/int/startklw.html > they will not be able to use this service. > In the log of the proxy I have this line: > 1182327931.205 0 x.y.z.a TCP_DENIED/400 1614 NONE \ > error:unsupported-request-method - NONE/- text/html What did cache.log say here? > Digging a little bit deeper with a sniffer I found that the > header line CONNECT is missing. The older squid version > (2.5.12-4) seemed to ignore this. ??? Can you provide a bit more details on that? > The workaround to keep the users doing their jobs was to grant > access to ksylink.ubs.com without userauthentication. > But what's the clean way to solve this? First I need to understand the problem on the wire level.. But if authentication makes a difference and it worked in earlier Squid versions using NTLM then try "auth_param ntlm keep_alive off". This might work around some client brokenness. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
