On 19/11/2011 2:03 a.m., Øyvind Haddal wrote:
> I am in the process of evaluating and testing a Squid configuration in my environment. I have everything working the way I want except for one thing: NTLM authentication with Windows 7 clients to a site in another domain. Squid proxy is configured with multiple Bluecoat proxy servers as parents, which handle all the user authentication using LDAP. However, I also have a requirement that users sometimes log on to a site located in a different domain, using personal Windows credentials for that domain. This works without any problem with Windows XP clients, but Windows 7 clients just keep getting the login prompt and are unable to log in. I've configured the GPO for NTLMv1 on my domain, as suggested by other threads, but this did not make any difference. All other threads I have found are for issues where you want to use NTLM for Squid authentication, which is not what I am trying to do.
Avoid NTLMv1. XP and later all support NTLMv2 and there is no difference between NTLM versions to Squid.
The squid config you show is not doing anything except passing credentials untouched to the peers.
> Hoping someone can assist or at least point me in the right direction to solve this.
Grab a copy of the HTTP headers in the request and replies to that website. Likely it is offering Negotiate support and the Windows 7 machines are trying to use it.
Alternatively it could actually be requiring any one of a number of obsolete Microsoft protocols or encryption methods which all get called "NTLM" and have been dropped from Windows 7.
Amos
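
An added example, not part of the original message and not Squid code: one way to read a header capture like the one suggested above and see which authentication schemes the site offers and what kind of token the client sent back. The sample capture, the host name site.example and the function names are constructed for illustration, and the parser assumes one challenge per header line.

```python
import base64
import struct

AUTH_HEADERS = {"www-authenticate", "proxy-authenticate",
                "authorization", "proxy-authorization"}
NTLM_TYPES = {1: "NTLM negotiate (type 1)", 2: "NTLM challenge (type 2)",
              3: "NTLM authenticate (type 3)"}

def token_kind(b64_token):
    """Classify the base64 blob that follows the scheme name."""
    if not b64_token:
        return "no token (scheme offered)"
    try:
        raw = base64.b64decode(b64_token, validate=True)
    except ValueError:
        return "undecodable token"
    # NTLM messages start with "NTLMSSP\0" and a little-endian message type.
    if raw.startswith(b"NTLMSSP\x00") and len(raw) >= 12:
        (msg_type,) = struct.unpack_from("<I", raw, 8)
        return NTLM_TYPES.get(msg_type, "NTLMSSP, unknown type")
    # First byte only: GSS-API/SPNEGO wrappers are not unwrapped here.
    if raw[:1] in (b"\x60", b"\xa0", b"\xa1"):
        return "SPNEGO/GSS-API token"
    return "unrecognised token"

def auth_lines(capture):
    """Return (header, scheme, token kind) for each auth header in a capture."""
    found = []
    for line in capture.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in AUTH_HEADERS:
            continue
        scheme, _, token = value.strip().partition(" ")
        found.append((name.strip(), scheme, token_kind(token.strip())))
    return found

# Constructed sample: a 401 reply offering two schemes, then the client's retry.
_T1 = base64.b64encode(b"NTLMSSP\x00" + struct.pack("<II", 1, 0)).decode()
SAMPLE = "\r\n".join([
    "HTTP/1.1 401 Unauthorized",
    "WWW-Authenticate: Negotiate",
    "WWW-Authenticate: NTLM",
    "",
    "GET / HTTP/1.1",
    "Host: site.example",
    "Authorization: Negotiate " + _T1,
])

if __name__ == "__main__":
    for header, scheme, kind in auth_lines(SAMPLE):
        print(f"{header:18} {scheme:10} {kind}")
```

Running the same function over the XP and the Windows 7 captures side by side shows whether the two clients pick different schemes from the same offer.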