> >
> > I'm having some problems with reverse proxy and NTLM authentication.
> > Specifically, the connection to the client is not persisted which I
> > believe invalidates the NTLM authentication protocol. I've added a
> > source port number to the logs which shows that it is indeed creating
> > a new connection for each request. There seems to have been a bit of
> > mailing list activity about similar problems but nothing exactly the
> > same and none of the suggested solutions work.
>
> I've done a bit more testing on this, and it seems that the server returns
> "HTTP/1.1 401 Unauthorized" but squid turns this into "HTTP/1.0 401
> Unauthorized" before passing it onto the client. Does that help?
>
It seems that this is the cause of the problem... The patch following this email fixes it... is there any reason why the version should be forced to 1.0?? Is it to work around some other bug?
James
--- squid3-3.1.20.orig/src/client_side_reply.cc
+++ squid3-3.1.20/src/client_side_reply.cc
@@ -1469,10 +1469,12 @@ clientReplyContext::cloneReply()
reply = HTTPMSGLOCK(rep);
+#if 0
if (reply->sline.protocol == PROTO_HTTP) {
/* enforce 1.0 reply version (but only on real HTTP traffic) */
reply->sline.version = HttpVersion(1,0);
}
+#endif
/* do header conversions */
buildReplyHeader();
