Chris, Thanks, that pretty much cleared my doubt. On Wed, Nov 26, 2008 at 6:33 PM, Chris Robertson <crobertson@xxxxxxx> wrote: > Matias Chris wrote: >> >> Hello All, >> >> Im currently in the process of changing the way we authenticate users >> from LDAP to NTLMSSP. Now we are in test phase and while ntlm auth is >> working fine and allowing all users that are already logged to the AD >> Domain to access the web without asking for their credentials, Im >> seeing a lot of denied attempts at the log. >> Is like for every page visited I have now two log entries, one is >> denied, and the other one is allowed. >> > > That's due to the design of NTLM. See > http://devel.squid-cache.org/ntlm/client_proxy_protocol.html > >> Is there any way to tweak squid to avoid doing this? AD DC is on the >> same phisycal LAN. >> > > I suppose you could refrain from logging 407 responses... > >> 1227614260.463 0 127.0.0.1 TCP_DENIED/407 2083 POST >> http://mail.google.com/a/matiaschris.com.ar/channel/bind? - NONE/- >> text/html >> 1227614261.218 188 127.0.0.1 TCP_MISS/200 351 POST >> http://mail.google.com/a/matiaschris.com.ar/channel/bind? mchrist >> DIRECT/66.102.9.18 text/html >> >> Any help will be much appreciated. Thanks. >> > > Chris >