Hi Javier, Well you will be glad to know that i am using IWA with windows 7 and its working great it most part. by IWA i mean using negotiated kerberos authentication which is what i think IWA basically is There are just a few hicckups that happen but that also happens with NTLM being this issue. I also cannot get itunes to use the proxy properly with authentication due to 100 popups asking for passwords. I will be working on this sharepoint issue more tomorrow however. Cheers, Simon On Wed, 2012-04-18 at 23:18 +0200, Javier Conti wrote: > On 18 April 2012 23:07, Simon Dwyer <mail@xxxxxxxxxx> wrote: > > I have seen this problem on a windows 7 and a Fedora 16 machine. I > > think i can rule out the windows machine for once ;) > > > > I am using FF on the linux machine... is that known to have double ntlm > > issues? > > It is known for Windows 7 (I don't know about Linux clients) to behave > differently from Windows XP. > > As Clem suggested, there are a few settings that should make 7 behave > similarly to XP. I tried all of them (according to support at least) but > unfortunately, the problem persists. > > I would be more than happy to know that someone is successfully doing > Integrated Windows Authentication through Squid with a Windows 7 client! > > Regards, Javier > > > > > Simon > > > > On Wed, 2012-04-18 at 19:36 +0200, Clem wrote: > >> Hello, > >> > >> Try to set "Send LM & NTLM - use NTLMv2 session security if negotiated" > >> in local policies (secpol.msc) > >> > >> Go to: Local Policies > Security Options > >> > >> Find "Network Security: LAN Manager authentication level" > >> > >> Change Setting from "Send NTLMv2 response only" > >> to > >> "Send LM & NTLM - use NTLMv2 session security if negotiated" > >> > >> Good luck ! > >> > >> > >> Clem > >> > >> Le 18/04/2012 18:51, Javier Conti a écrit : > >> > On 18 April 2012 07:33, Simon Dwyer<mail@xxxxxxxxxx> wrote: > >> >> Hi all, > >> >> > >> >> I have just implemented squid with kerberos + ntlm + basic > >> >> authentication. > >> >> > >> >> I have just been told accessing a sharepoint website on the internet has > >> >> stopped working. > >> >> > >> >> It seems the site is running NTLM authentcation. > >> >> > >> >> I have wiresharked the traffic on the proxy and can see the request come > >> >> in from the client then out to the web server and the NTLM fields are > >> >> left in place. > >> >> > >> >> The sharepoint server is responding with a 401 unauthroized. > >> >> > >> >> Where would be the next place to start looking? > >> > Are you trying with Windows 7 clients? If yes, have you tried with a Windows > >> > XP one? > >> > > >> > I'm facing the same problem (getting Integrated Windows Authentication to > >> > work through Squid) and as long as clients are Windows XP it works fine. > >> > > >> > If this is the case, I can tell you that we already tried to lower the > >> > security settings in Windows 7 to something comparable to those of Windows > >> > XP but still see differences in behaviour (and still have the problem)... > >> > > >> > Regards, Javier > >> > > >> > PS: excuse me OP if the message went through twice, but Andoird doesn't > >> > let me send plain text emails and the first one got bounced :( > >> > > >> >> I am running 3.1.10. > >> >> > >> >> Thanks all, > >> >> > >> >> Simon > >> >> > > > >
