
NTLM passthrough over https breaks during NTLM handshake

Hello

I am trying to set up a squid between my Exchange server and the outside world.
I am having trouble getting NTLM to work.

[internet]---<https>---[squid]---<https>---[exchange]

Squid's job would be to terminate the SSL connection, start a new one to the NTLM server and pass the NTLM authorization through to Exchange.

The SSL connection squid -> exchange is getting terminated with the following error in squid:

2009/09/18 09:05:38| fwdNegotiateSSL: Error negotiating SSL connection on FD 18: error:00000000:lib(0):func(0):reason(0) (5/0/0)
2009/09/18 09:05:38| TCP connection to xchg07-dev-be.dev.domain.com (10.1.3.20:443) failed

If I switch the connection Squid <-> Exchange to HTTP, the connection does not break and NTLM auth works.

I have tried all kinds of parameters in the configuration.
With or without client certificate, nothing helped; the connection terminates every time.
I have also tried different versions of Squid, namely:

Squid Cache: Version 2.7 STABLE6
Squid Cache: Version 2.6 STABLE20

I am running CentOS 5 on the server.


I took a closer look at the NTLM handshake and made a tcpdump on squid to see how and when the connection is terminated.

>>>>>>>>>>>>> Page Request
Please authenticate with NTLM <<<<<<
>>>>>>>>>>>>> NTLM negotiate
NTLM challenge <<<<<<<<<<<<<<<<<<<

TCP Connection should not be terminated from here on
Squid resends Client Hello packet
Exchange terminates connection.
Connection is reopened.

>>>>>>>>>>>> NTLM Authentication
RESET <<<<<<<<<<<<<<<<<<<<<<



This is my squid config:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

extension_methods RPC_IN_DATA RPC_OUT_DATA

# client-facing HTTPS listener (Squid terminates TLS here)
https_port 10.1.16.33:443 cert=/etc/squid/ssl/webmail-dev.crt key=/etc/squid/ssl/webmail-dev.key cafile=/etc/squid/ssl/webmail-dev.crt defaultsite=webmail-dev.domain.com

# upstream Exchange origin server, reached over TLS with a client certificate; login=PASS forwards the client's credentials
cache_peer 10.1.3.20 parent 443 0 no-query originserver login=PASS ssl sslcert=/etc/squid/ssl/sextans-be.cert sslkey=/etc/squid/ssl/sextans-be.key sslcafile=/etc/squid/ssl/someca-cax509.cert

# access control
acl all src 0.0.0.0/0.0.0.0


# basic URL based access restriction for DEV Exchange 2007
acl url_allow url_regex -i ^https://webmail-dev.domain.com/

http_access allow url_allow
http_access deny all

# extra access log file
access_log /var/log/squid/access.log
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Any help would be appreciated.

Best regards
Benjamin Indermühle
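The handshake traced above fails at the point where the upstream connection is re-opened between the NTLM challenge and the NTLM authenticate message. The following added example (not code from the post, Squid or Exchange) models why: NTLM authenticates the TCP connection, so the origin keeps the challenge it issued per connection and rejects a Type 3 message arriving on a connection that never carried the Type 1/Type 2 exchange. The classes `OriginServer` and `Proxy`, the function `run_handshake` and the `toy_response` computation are assumptions for illustration; a real NTLM response is derived from the challenge and the user's password hash (NTLMv1/v2), which is replaced here by a SHA-256 over challenge and password. The NTLMSSP framing (8-byte signature, little-endian message type at offset 8) and the `NTLM <base64>` header format are real.

```python
"""NTLM three-leg handshake through a proxy with persistent vs. per-request
upstream connections.  Assumed names and a toy response calculation; not
Squid or Exchange code."""
import base64
import hashlib
import os
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
NEGOTIATE, CHALLENGE, AUTHENTICATE = 1, 2, 3   # NTLMSSP message types


def ntlm_header(msg_type, body=b""):
    """Build an 'NTLM <base64>' header value carrying an NTLMSSP message."""
    raw = NTLMSSP_SIG + struct.pack("<I", msg_type) + body
    return "NTLM " + base64.b64encode(raw).decode("ascii")


def parse_ntlm(header_value):
    """Return (message_type, payload) from an 'NTLM <base64>' header value."""
    scheme, _, token = header_value.partition(" ")
    if scheme != "NTLM" or not token:
        raise ValueError("not an NTLM token")
    raw = base64.b64decode(token)
    if len(raw) < 12 or raw[:8] != NTLMSSP_SIG:
        raise ValueError("bad NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    return msg_type, raw[12:]


def toy_response(challenge, password):
    # Stand-in for the NTLM response (assumption, not the real NTLMv2 math).
    return hashlib.sha256(challenge + password.encode()).digest()


class OriginServer:
    """Origin (Exchange-like) that tracks NTLM state per TCP connection."""

    def __init__(self, password):
        self.password = password
        self.pending = {}   # connection id -> challenge issued on that connection

    def handle(self, conn_id, authorization=None):
        if authorization is None:
            return 401, {"WWW-Authenticate": "NTLM"}
        msg_type, payload = parse_ntlm(authorization)
        if msg_type == NEGOTIATE:                      # Type 1: issue a challenge
            challenge = os.urandom(8)
            self.pending[conn_id] = challenge
            return 401, {"WWW-Authenticate": ntlm_header(CHALLENGE, challenge)}
        if msg_type == AUTHENTICATE:                   # Type 3: verify on same conn
            challenge = self.pending.pop(conn_id, None)
            if challenge is None:
                # Type 3 on a connection that never saw Type 1/Type 2: this is
                # what a proxy that re-opens the upstream connection produces.
                return 401, {"WWW-Authenticate": "NTLM"}
            if payload != toy_response(challenge, self.password):
                return 401, {}
            return 200, {}
        return 400, {}


class Proxy:
    """Upstream connection policy.  reconnect_per_request=True models a proxy
    that drops and re-opens the upstream (TLS) connection for every request."""

    def __init__(self, origin, reconnect_per_request):
        self.origin = origin
        self.reconnect_per_request = reconnect_per_request
        self.conn_id = 0

    def forward(self, authorization=None):
        if self.conn_id == 0 or self.reconnect_per_request:
            self.conn_id += 1                          # open a new upstream connection
        return self.origin.handle(self.conn_id, authorization)


def run_handshake(proxy, password):
    """Drive the three-leg NTLM exchange through the proxy; return final status."""
    status, headers = proxy.forward()                          # unauthenticated request
    if status != 401 or headers.get("WWW-Authenticate") != "NTLM":
        return status
    status, headers = proxy.forward(ntlm_header(NEGOTIATE))    # Type 1
    msg_type, challenge = parse_ntlm(headers["WWW-Authenticate"])
    if msg_type != CHALLENGE:
        return status
    status, _ = proxy.forward(                                 # Type 3
        ntlm_header(AUTHENTICATE, toy_response(challenge, password)))
    return status


if __name__ == "__main__":
    print("persistent upstream:  ", run_handshake(Proxy(OriginServer("s3cret"), False), "s3cret"))
    print("reconnect per request:", run_handshake(Proxy(OriginServer("s3cret"), True), "s3cret"))
```

With a persistent upstream connection the exchange ends in 200; with a new upstream connection per request the Type 3 lands on a connection the origin has no challenge for and the origin answers 401 again, which is the loop seen in the trace above. Any proxy in front of an NTLM origin therefore has to pin each client connection to one upstream connection for the duration of the handshake.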
