Search squid archive

Re: NTLM authentica​tion to external sites using Windows 7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 19/11/2011 2:03 a.m., Øyvind Haddal wrote:
I am in the process of evaluating and testing a Squid configuration in
my environment, I have everything working the way I want except for
one thing; NTLM authentication with Windows 7 clients to a site in
another domain

Squid proxy is configured with multiple Bluecoat proxy servers as
parents, which handles all the user authentication using LDAP.
However, I also have a requirement that users sometimes log on a site
located in a different domain, using personal Windows credentials for
that domain. This works without any problem with Windows XP clients,
but Windows 7 clients just keep getting the login prompt and are
unable to log in.

I've configured the GPO for NTLMv1 on my domain, as suggested by other
threads, but this did not make any difference. All other threads I
have found are for issues where you want to use NTLM for Squid
authentication, which is not what I am trying to do.

Avoid NTLMv1. XP and later all support NTLMv2 and there is no difference between NTLM versions to Squid.

The squid config you show is not doing anything except passing credentials untouched to the peers.

Hoping someone can assist or at least point me in the right direction
to solve this.

Grab a copy of the HTTP headers in the request and replies to that website. Likely it is offering Negotiate support and the Windows 7 machines are trying to use it.

Alternatively it could actually be requiring any one of a number of obsolete Microsoft protocols or encryption methods which all get called "NTLM" and have been dropped from Windows 7.


Amos



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux