Search squid archive

RE: Connection pinning (NTLM pass through)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> -----Original Message-----
> From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
> Sent: Sunday, May 27, 2012 1:22 PM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: Re:  Connection pinning (NTLM pass through)
> 
> On 26/05/2012 8:31 a.m., Petter Abrahamsson wrote:
> > Hi,
> >
> > I'm trying to get NTLM pass through to work with squid 3.1.19. I have
> > followed the instructions found on the wiki[1] on connection pinning
> > but I just keep receiving 401 status messages.
> > Below is the very simple squid.conf that I'm using for this test.
> >
> > acl manager proto cache_object
> > acl localhost src 127.0.0.1/32 ::1
> > acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
> > acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
> > acl SSL_ports port 443
> > acl Safe_ports port 80		# http
> > acl Safe_ports port 21		# ftp
> > acl Safe_ports port 443		# https
> > acl Safe_ports port 70		# gopher
> > acl Safe_ports port 210		# wais
> > acl Safe_ports port 1025-65535	# unregistered ports
> > acl Safe_ports port 280		# http-mgmt
> > acl Safe_ports port 488		# gss-http
> > acl Safe_ports port 591		# filemaker
> > acl Safe_ports port 777		# multiling http
> > acl CONNECT method CONNECT
> > http_access allow manager localhost
> > http_access deny manager
> > http_access deny !Safe_ports
> > http_access deny CONNECT !SSL_ports
> > http_access allow localnet
> > http_access allow localhost
> > http_access deny all
> > http_port 8080 connection-auth=on
> > hierarchy_stoplist cgi-bin ?
> > coredump_dir /var/cache/squid
> > refresh_pattern ^ftp:		1440	20%	10080
> > refresh_pattern ^gopher:	1440	0%	1440
> > refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
> > refresh_pattern .		0	20%	4320
> >
> > And below is the corresponding access.log entries with obfuscated ip
> > addresses and host names.
> >
> > 1337976537.852     63 192.168.12.214 TCP_MISS/401 466 GET
> > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
> > 1337976550.714     29 192.168.12.214 TCP_MISS/401 1074 GET
> > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
> > 1337976551.025     57 192.168.12.214 TCP_MISS/401 466 GET
> > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
> > 1337976554.627     57 192.168.12.214 TCP_MISS/401 1074 GET
> > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
> > 1337976558.006   3128 192.168.12.214 TCP_MISS/401 466 GET
> > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
> > 1337976559.462     59 192.168.12.214 TCP_MISS/401 1074 GET
> > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
> > 1337976559.760     56 192.168.12.214 TCP_MISS/401 466 GET
> > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html
> >
> > I feel like I'm missing something obvious since the instructions on
> > the wiki are quite simple.
> > When I try the same website through a v2.7 squid it lets me login.
> > Let me know if any other information is needed.
> > Any help would be very much appreciated.
> 
> Check the HTTP headers at each point before/after Squid for keep-alive.
> There is something a little strange going on with HTTP/1.1 connections to
> servers and NTLM keep-alive in 3.1.19. If you are able to do some code
> digging that would help as well.
> 
> Amos


Hi Peter.

I'm having the same issues with a IIS portal site. In 3.1 it doesn't work but with 2.7 it does. Have you managed to fix this problem by any chance?

Kind Regards
Jasper




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux