Really thanks for your effort... i was not able to get back to you, just bcoz there were so many unexpected issues on the proxy... Now your resolution didnt worked for me... I didnt even got the http://balancer.netdania.com/StreamingServer/StreamingServer? in my access.log rather i could see always DENIED for balancer like the following TCP_DENIED/407 2912 CONNECT balancer.netdania.com:443 - NONE/- text/html Any HELP please... > We have a similar setup on one VLAN, with squid on linux > authenticating > users using active directory. We've seen lots of > issues with Java not > being able to authenticate. > > Testing the page you're talking about (albeit with a linux > desktop), I get > a java popup window asking me for my AD > username/password/domain, I type it > in but repeatedly it fails. > > The squid access.log says: > > 1251204847.837 0 172.16.1.3 > TCP_DENIED/407 1846 CONNECT balancer.netdania.com:443 - > NONE/- text/html > 1251204847.842 0 172.16.1.3 > TCP_DENIED/407 1846 CONNECT balancer.netdania.com:443 - > NONE/- text/html > > I'm not sure if these lines in cache.log are relevant or > not. > > [2009/08/25 13:42:00, 1] > libsmb/ntlmssp.c:ntlmssp_update(267) > got NTLMSSP command 3, expected 1 > [2009/08/25 13:42:00, 1] > libsmb/ntlmssp.c:ntlmssp_update(267) > got NTLMSSP command 3, expected 1 > [2009/08/25 13:42:01, 1] > libsmb/ntlmssp.c:ntlmssp_update(267) > got NTLMSSP command 3, expected 1 > [2009/08/25 13:42:01, 1] > libsmb/ntlmssp.c:ntlmssp_update(267) > got NTLMSSP command 3, expected 1 > [2009/08/25 13:47:02, 1] > libsmb/ntlmssp.c:ntlmssp_update(267) > got NTLMSSP command 3, expected 1 > > My usual workaround is to add an ACL for that site which is > far from ideal. > I've added the following ACL: > > acl dailyfx dstdomain > balancer.netdania.com > http_access allow dailyfx CONNECT > > That works around the issue for me. I still get > prompted for the username > and password and the logs suggest some traffic isn't > getting through. > > 1251205769.600 14385 172.16.1.3 TCP_MISS/000 7263 > CONNECT balancer.netdania.com:443 - > FIRST_UP_PARENT/172.20.2.3 - 1251205771.233 > 1 172.16.1.3 TCP_DENIED/407 1954 GET http://balancer.netdania.com/StreamingServer/StreamingServer? > - NONE/- text/html > 1251205771.239 3 172.16.1.3 > TCP_DENIED/407 1969 GET http://balancer.netdania.com/StreamingServer/StreamingServer? > - NONE/- text/html > 1251205771.516 277 172.16.1.3 TCP_MISS/200 > 1443 GET http://balancer.netdania.com/StreamingServer/StreamingServer? > gavinmc FIRST_UP_PARENT/172.20.2.3 application/zip > 1251205774.813 55 172.16.1.3 > TCP_DENIED/407 1954 GET http://balancer.netdania.com/StreamingServer/StreamingServer? > - NONE/- text/html > 1251205774.816 0 172.16.1.3 > TCP_DENIED/407 1969 GET http://balancer.netdania.com/StreamingServer/StreamingServer? > - NONE/- text/html > 1251205776.537 1721 172.16.1.3 > TCP_MISS/200 1125 GET http://balancer.netdania.com/StreamingServer/StreamingServer? > gavinmc FIRST_UP_PARENT/172.20.2.3 application/zip > 1251205779.681 1 172.16.1.3 > TCP_DENIED/407 1954 GET http://balancer.netdania.com/StreamingServer/StreamingServer? > - NONE/- text/html > 1251205779.685 1 172.16.1.3 > TCP_DENIED/407 1969 GET http://balancer.netdania.com/StreamingServer/StreamingServer? > - NONE/- text/html > > If I drop the word CONNECT I get no errors at all, but that > disables > authentication entirely for that site. > > There is definitely some issue with austhentication and > Java. I'm not sure > if it might actually be Authentication+Java+SSL. Our > problems are > generally with java-driven online banking applications. > > Gavin > > >
