> Yes. Multiple authentication methods, triggered from multiple sources, > going via multiple paths can be confusing. > > Squid auth_param elided, which leaves: > > "A user name and password are being requested by ..." > == basic challenge by ISA. > > "Enter user name and password for ..." > == integrated/NTLM challenge by ISA. > > > I'm now thinking we have two distinct configurations for Squid: > > Basic Auth (only) passed back > cache_peer ... login=PASS connection-auth=off > > NTLM Auth (only) passed back: > cache_peer ... connection-auth=on > > > Which appear to be non-compatible auth methods at present. > What happens if you re-enable the connection-auth on https_port and > remove the login=PASS from cache_peer? > > Amos > OWA is back to the previous double login with Firefox. Activesync PDA won't accept login.
