Search squid archive

Re: Squid, ntlm, java, and gotomeeting

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Kevin Blackwell wrote:

Hi,

I currently have a deployment of Squid. We use it to track surfing
habbits of users on Windows 2003 Terminal Servers. It's AD aware and
using ntlm.

It seems that when a users tries to goto gotomeeting.com and start a
meeting. An Auth box pops up that says ntlm at the top and ask for

Username
Password
domain

I've tried the administrator login info, doesn't work.

From what I can tell this is a java app trying to make a connection to
gotomeeting server and squid isn't allowing it.

Here's the squid logs from the attempt.

10.0.0.0 - tuser [03/Feb/2009:17:49:16 -0600] "CONNECT
www1.gotomeeting.com:443 HTTP/1.0" 200 30252 TCP_MISS:DIRECT
10.0.0.0 - tuser [03/Feb/2009:17:49:17 -0600] "CONNECT
www1.gotomeeting.com:443 HTTP/1.0" 200 3412 TCP_MISS:DIRECT
10.0.0.0 - tuser [03/Feb/2009:17:49:18 -0600] "CONNECT
www1.gotomeeting.com:443 HTTP/1.0" 200 4484 TCP_MISS:DIRECT
10.0.0.0 - tuser [03/Feb/2009:17:49:18 -0600] "CONNECT
www1.gotomeeting.com:443 HTTP/1.0" 200 6568 TCP_MISS:DIRECT
10.0.0.0 - tuser [03/Feb/2009:17:49:19 -0600] "CONNECT
www1.gotomeeting.com:443 HTTP/1.0" 200 1345 TCP_MISS:DIRECT
10.0.0.0 - tuser [03/Feb/2009:17:49:19 -0600] "CONNECT
www1.gotomeeting.com:443 HTTP/1.0" 200 18271 TCP_MISS:DIRECT
10.0.0.0 - tuser [03/Feb/2009:17:49:28 -0600] "CONNECT
ssl.google-analytics.com:443 HTTP/1.0" 200 11673 TCP_MISS:DIRECT
10.0.0.0 - tuser [03/Feb/2009:17:50:20 -0600] "CONNECT
www1.gotomeeting.com:443 HTTP/1.0" 200 12437 TCP_MISS:DIRECT
10.0.0.0 - tuser [03/Feb/2009:17:50:25 -0600] "CONNECT
col.gotomeeting.com:443 HTTP/1.0" 200 9930 TCP_MISS:DIRECT

Anyone know of a work around?
As far as I can find, the JRE after 1.5.08 and later support NTLM, but I think that the applet writer might need to specifically implement this support.
The only sure-fire work around that I know of is to allow the Java User Agent out (perhaps only to specific sites) without requiring authentication. 

acl Java browser Java/[0-9]
acl JavaSites dstdomain .gotomeeting.com
acl our_networks src 192.168.45.0/28
http_access allow Java our_networks JavaSites


Kevin


Chris
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux