Search squid archive

Re: Java not working behind squid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Really thanks for your effort... i was not able to get back to you, just bcoz there were so many unexpected issues on the proxy...

Now your resolution didnt worked for me... 

I didnt even got the http://balancer.netdania.com/StreamingServer/StreamingServer? in my access.log

rather i could see always DENIED for balancer like the following 

TCP_DENIED/407 2912 CONNECT balancer.netdania.com:443 - NONE/- text/html


Any HELP please...



> We have a similar setup on one VLAN, with squid on linux
> authenticating
> users using active directory.  We've seen lots of
> issues with Java not
> being able to authenticate.
> 
> Testing the page you're talking about (albeit with a linux
> desktop), I get
> a java popup window asking me for my AD
> username/password/domain, I type it
> in but repeatedly it fails.
> 
> The squid access.log says:
> 
> 1251204847.837      0 172.16.1.3
> TCP_DENIED/407 1846 CONNECT balancer.netdania.com:443 -
> NONE/- text/html
> 1251204847.842      0 172.16.1.3
> TCP_DENIED/407 1846 CONNECT balancer.netdania.com:443 -
> NONE/- text/html
> 
> I'm not sure if these lines in cache.log are relevant or
> not.
> 
> [2009/08/25 13:42:00, 1]
> libsmb/ntlmssp.c:ntlmssp_update(267)
>   got NTLMSSP command 3, expected 1
> [2009/08/25 13:42:00, 1]
> libsmb/ntlmssp.c:ntlmssp_update(267)
>   got NTLMSSP command 3, expected 1
> [2009/08/25 13:42:01, 1]
> libsmb/ntlmssp.c:ntlmssp_update(267)
>   got NTLMSSP command 3, expected 1
> [2009/08/25 13:42:01, 1]
> libsmb/ntlmssp.c:ntlmssp_update(267)
>   got NTLMSSP command 3, expected 1
> [2009/08/25 13:47:02, 1]
> libsmb/ntlmssp.c:ntlmssp_update(267)
>   got NTLMSSP command 3, expected 1
> 
> My usual workaround is to add an ACL for that site which is
> far from ideal.
> I've added the following ACL:
> 
>     acl dailyfx dstdomain
> balancer.netdania.com
>     http_access allow dailyfx CONNECT
> 
> That works around the issue for me.  I still get
> prompted for the username
> and password and the logs suggest some traffic isn't
> getting through.
> 
> 1251205769.600  14385 172.16.1.3 TCP_MISS/000 7263
> CONNECT balancer.netdania.com:443 -
> FIRST_UP_PARENT/172.20.2.3 - 1251205771.233   
>   1 172.16.1.3 TCP_DENIED/407 1954 GET http://balancer.netdania.com/StreamingServer/StreamingServer?
> - NONE/- text/html
> 1251205771.239      3 172.16.1.3
> TCP_DENIED/407 1969 GET http://balancer.netdania.com/StreamingServer/StreamingServer?
> - NONE/- text/html
> 1251205771.516    277 172.16.1.3 TCP_MISS/200
> 1443 GET http://balancer.netdania.com/StreamingServer/StreamingServer?
> gavinmc FIRST_UP_PARENT/172.20.2.3 application/zip
> 1251205774.813     55 172.16.1.3
> TCP_DENIED/407 1954 GET http://balancer.netdania.com/StreamingServer/StreamingServer?
> - NONE/- text/html
> 1251205774.816      0 172.16.1.3
> TCP_DENIED/407 1969 GET http://balancer.netdania.com/StreamingServer/StreamingServer?
> - NONE/- text/html
> 1251205776.537   1721 172.16.1.3
> TCP_MISS/200 1125 GET http://balancer.netdania.com/StreamingServer/StreamingServer?
> gavinmc FIRST_UP_PARENT/172.20.2.3 application/zip
> 1251205779.681      1 172.16.1.3
> TCP_DENIED/407 1954 GET http://balancer.netdania.com/StreamingServer/StreamingServer?
> - NONE/- text/html
> 1251205779.685      1 172.16.1.3
> TCP_DENIED/407 1969 GET http://balancer.netdania.com/StreamingServer/StreamingServer?
> - NONE/- text/html
> 
> If I drop the word CONNECT I get no errors at all, but that
> disables
> authentication entirely for that site.
> 
> There is definitely some issue with austhentication and
> Java.  I'm not sure
> if it might actually be Authentication+Java+SSL.  Our
> problems are
> generally with java-driven online banking applications.
> 
> Gavin 
> 
> 
> 


      


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux