On 19 April 2012 00:05, Simon Dwyer <mail@xxxxxxxxxx> wrote: > Hi Javier, > > Well you will be glad to know that i am using IWA with windows 7 and its > working great it most part. > > by IWA i mean using negotiated kerberos authentication which is what i > think IWA basically is Hi Simon, I think we're not talking about the "same IWA".I mean IWA as described for example here [1] or here [2]. If that's what you're actually doing, would you be so kind to post (or send me off list) a dump of the request/response headers of the Windows 7 successfully doing IWA (going through Squid, obviously)? Thanks, Javier [1] http://en.wikipedia.org/wiki/Integrated_Windows_Authentication [2] http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true > > There are just a few hicckups that happen but that also happens with > NTLM being this issue. > > I also cannot get itunes to use the proxy properly with authentication > due to 100 popups asking for passwords. > > I will be working on this sharepoint issue more tomorrow however. > > Cheers, > > Simon > > > > On Wed, 2012-04-18 at 23:18 +0200, Javier Conti wrote: >> On 18 April 2012 23:07, Simon Dwyer <mail@xxxxxxxxxx> wrote: >> > I have seen this problem on a windows 7 and a Fedora 16 machine. I >> > think i can rule out the windows machine for once ;) >> > >> > I am using FF on the linux machine... is that known to have double ntlm >> > issues? >> >> It is known for Windows 7 (I don't know about Linux clients) to behave >> differently from Windows XP. >> >> As Clem suggested, there are a few settings that should make 7 behave >> similarly to XP. I tried all of them (according to support at least) but >> unfortunately, the problem persists. >> >> I would be more than happy to know that someone is successfully doing >> Integrated Windows Authentication through Squid with a Windows 7 client! >> >> Regards, Javier >> >> > >> > Simon >> > >> > On Wed, 2012-04-18 at 19:36 +0200, Clem wrote: >> >> Hello, >> >> >> >> Try to set "Send LM & NTLM - use NTLMv2 session security if negotiated" >> >> in local policies (secpol.msc) >> >> >> >> Go to: Local Policies > Security Options >> >> >> >> Find "Network Security: LAN Manager authentication level" >> >> >> >> Change Setting from "Send NTLMv2 response only" >> >> to >> >> "Send LM & NTLM - use NTLMv2 session security if negotiated" >> >> >> >> Good luck ! >> >> >> >> >> >> Clem >> >> >> >> Le 18/04/2012 18:51, Javier Conti a écrit : >> >> > On 18 April 2012 07:33, Simon Dwyer<mail@xxxxxxxxxx> wrote: >> >> >> Hi all, >> >> >> >> >> >> I have just implemented squid with kerberos + ntlm + basic >> >> >> authentication. >> >> >> >> >> >> I have just been told accessing a sharepoint website on the internet has >> >> >> stopped working. >> >> >> >> >> >> It seems the site is running NTLM authentcation. >> >> >> >> >> >> I have wiresharked the traffic on the proxy and can see the request come >> >> >> in from the client then out to the web server and the NTLM fields are >> >> >> left in place. >> >> >> >> >> >> The sharepoint server is responding with a 401 unauthroized. >> >> >> >> >> >> Where would be the next place to start looking? >> >> > Are you trying with Windows 7 clients? If yes, have you tried with a Windows >> >> > XP one? >> >> > >> >> > I'm facing the same problem (getting Integrated Windows Authentication to >> >> > work through Squid) and as long as clients are Windows XP it works fine. >> >> > >> >> > If this is the case, I can tell you that we already tried to lower the >> >> > security settings in Windows 7 to something comparable to those of Windows >> >> > XP but still see differences in behaviour (and still have the problem)... >> >> > >> >> > Regards, Javier >> >> > >> >> > PS: excuse me OP if the message went through twice, but Andoird doesn't >> >> > let me send plain text emails and the first one got bounced :( >> >> > >> >> >> I am running 3.1.10. >> >> >> >> >> >> Thanks all, >> >> >> >> >> >> Simon >> >> >> >> > >> > > >
