Search squid archive

Re: NTLM accelerator authentication weirdness

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



cc'ing David W. who appears to have the same issue on 2.7 with similar but different pass-thru code.

Alan Lehman wrote:
Yes. Multiple authentication methods, triggered from multiple sources,

going via multiple paths can be confusing.

Squid auth_param elided, which leaves:

"A user name and password are being requested by ..."
    == basic challenge by ISA.

"Enter user name and password for ..."
    == integrated/NTLM challenge by ISA.


I'm now thinking we have two distinct configurations for Squid:

Basic Auth (only) passed back
  cache_peer ... login=PASS connection-auth=off

NTLM Auth (only) passed back:
  cache_peer ... connection-auth=on


Which appear to be non-compatible auth methods at present.
What happens if you re-enable the connection-auth on https_port and remove the login=PASS from cache_peer?

Amos


OWA is back to the previous double login with Firefox. Activesync PDA
won't accept login.

Oh dear. Well if its not working individually or combined, I'm stumped.
At least we have one method that works for Alan. (Dean it turned out to be turning connection-auth=off on the port).

But having to turn it off is not good. I've opened a bug report to track this. http://www.squid-cache.org/bugs/show_bug.cgi?id=2572

Is there any possibility of getting a full trace of the headers to/from Squid from both the Client and the Server facing links when NTLM is being attempted? If so that would be useful info for the bug, so someone with a bit more knowledge and time than me can track down what needs to be fixed.

Along with:
 * build configuration options (squid -v output)
 * full (comment free) configuration settings
 * cache.log trace at level ALL,9 for the request duration.


PS. If either of you has the inclination to wade through that data and guess at what the problem is it would be a great help too.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11
  Current Beta Squid 3.1.0.3

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux