Gavin , Try putting this acl acl Java browser Java/1.4 Java/1.5 Java/1.6 http_access allow Java This worked for me when using NTLauth. Regards Tej On Tue, Sep 1, 2009 at 2:45 PM, Truth Seeker<truth_seeker_3535@xxxxxxxxx> wrote: > > Really thanks for your effort... i was not able to get back to you, just bcoz there were so many unexpected issues on the proxy... > > Now your resolution didnt worked for me... > > I didnt even got the http://balancer.netdania.com/StreamingServer/StreamingServer? in my access.log > > rather i could see always DENIED for balancer like the following > > TCP_DENIED/407 2912 CONNECT balancer.netdania.com:443 - NONE/- text/html > > > Any HELP please... > > > >> We have a similar setup on one VLAN, with squid on linux >> authenticating >> users using active directory. We've seen lots of >> issues with Java not >> being able to authenticate. >> >> Testing the page you're talking about (albeit with a linux >> desktop), I get >> a java popup window asking me for my AD >> username/password/domain, I type it >> in but repeatedly it fails. >> >> The squid access.log says: >> >> 1251204847.837 0 172.16.1.3 >> TCP_DENIED/407 1846 CONNECT balancer.netdania.com:443 - >> NONE/- text/html >> 1251204847.842 0 172.16.1.3 >> TCP_DENIED/407 1846 CONNECT balancer.netdania.com:443 - >> NONE/- text/html >> >> I'm not sure if these lines in cache.log are relevant or >> not. >> >> [2009/08/25 13:42:00, 1] >> libsmb/ntlmssp.c:ntlmssp_update(267) >> got NTLMSSP command 3, expected 1 >> [2009/08/25 13:42:00, 1] >> libsmb/ntlmssp.c:ntlmssp_update(267) >> got NTLMSSP command 3, expected 1 >> [2009/08/25 13:42:01, 1] >> libsmb/ntlmssp.c:ntlmssp_update(267) >> got NTLMSSP command 3, expected 1 >> [2009/08/25 13:42:01, 1] >> libsmb/ntlmssp.c:ntlmssp_update(267) >> got NTLMSSP command 3, expected 1 >> [2009/08/25 13:47:02, 1] >> libsmb/ntlmssp.c:ntlmssp_update(267) >> got NTLMSSP command 3, expected 1 >> >> My usual workaround is to add an ACL for that site which is >> far from ideal. >> I've added the following ACL: >> >> acl dailyfx dstdomain >> balancer.netdania.com >> http_access allow dailyfx CONNECT >> >> That works around the issue for me. I still get >> prompted for the username >> and password and the logs suggest some traffic isn't >> getting through. >> >> 1251205769.600 14385 172.16.1.3 TCP_MISS/000 7263 >> CONNECT balancer.netdania.com:443 - >> FIRST_UP_PARENT/172.20.2.3 - 1251205771.233 >> 1 172.16.1.3 TCP_DENIED/407 1954 GET http://balancer.netdania.com/StreamingServer/StreamingServer? >> - NONE/- text/html >> 1251205771.239 3 172.16.1.3 >> TCP_DENIED/407 1969 GET http://balancer.netdania.com/StreamingServer/StreamingServer? >> - NONE/- text/html >> 1251205771.516 277 172.16.1.3 TCP_MISS/200 >> 1443 GET http://balancer.netdania.com/StreamingServer/StreamingServer? >> gavinmc FIRST_UP_PARENT/172.20.2.3 application/zip >> 1251205774.813 55 172.16.1.3 >> TCP_DENIED/407 1954 GET http://balancer.netdania.com/StreamingServer/StreamingServer? >> - NONE/- text/html >> 1251205774.816 0 172.16.1.3 >> TCP_DENIED/407 1969 GET http://balancer.netdania.com/StreamingServer/StreamingServer? >> - NONE/- text/html >> 1251205776.537 1721 172.16.1.3 >> TCP_MISS/200 1125 GET http://balancer.netdania.com/StreamingServer/StreamingServer? >> gavinmc FIRST_UP_PARENT/172.20.2.3 application/zip >> 1251205779.681 1 172.16.1.3 >> TCP_DENIED/407 1954 GET http://balancer.netdania.com/StreamingServer/StreamingServer? >> - NONE/- text/html >> 1251205779.685 1 172.16.1.3 >> TCP_DENIED/407 1969 GET http://balancer.netdania.com/StreamingServer/StreamingServer? >> - NONE/- text/html >> >> If I drop the word CONNECT I get no errors at all, but that >> disables >> authentication entirely for that site. >> >> There is definitely some issue with austhentication and >> Java. I'm not sure >> if it might actually be Authentication+Java+SSL. Our >> problems are >> generally with java-driven online banking applications. >> >> Gavin >> >> >> > > > >
