> -----Original Message----- > From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] > Sent: Sunday, May 27, 2012 1:22 PM > To: squid-users@xxxxxxxxxxxxxxx > Subject: Re: Connection pinning (NTLM pass through) > > On 26/05/2012 8:31 a.m., Petter Abrahamsson wrote: > > Hi, > > > > I'm trying to get NTLM pass through to work with squid 3.1.19. I have > > followed the instructions found on the wiki[1] on connection pinning > > but I just keep receiving 401 status messages. > > Below is the very simple squid.conf that I'm using for this test. > > > > acl manager proto cache_object > > acl localhost src 127.0.0.1/32 ::1 > > acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 > > acl localnet src 192.168.0.0/16 # RFC1918 possible internal network > > acl SSL_ports port 443 > > acl Safe_ports port 80 # http > > acl Safe_ports port 21 # ftp > > acl Safe_ports port 443 # https > > acl Safe_ports port 70 # gopher > > acl Safe_ports port 210 # wais > > acl Safe_ports port 1025-65535 # unregistered ports > > acl Safe_ports port 280 # http-mgmt > > acl Safe_ports port 488 # gss-http > > acl Safe_ports port 591 # filemaker > > acl Safe_ports port 777 # multiling http > > acl CONNECT method CONNECT > > http_access allow manager localhost > > http_access deny manager > > http_access deny !Safe_ports > > http_access deny CONNECT !SSL_ports > > http_access allow localnet > > http_access allow localhost > > http_access deny all > > http_port 8080 connection-auth=on > > hierarchy_stoplist cgi-bin ? > > coredump_dir /var/cache/squid > > refresh_pattern ^ftp: 1440 20% 10080 > > refresh_pattern ^gopher: 1440 0% 1440 > > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > > refresh_pattern . 0 20% 4320 > > > > And below is the corresponding access.log entries with obfuscated ip > > addresses and host names. > > > > 1337976537.852 63 192.168.12.214 TCP_MISS/401 466 GET > > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html > > 1337976550.714 29 192.168.12.214 TCP_MISS/401 1074 GET > > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html > > 1337976551.025 57 192.168.12.214 TCP_MISS/401 466 GET > > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html > > 1337976554.627 57 192.168.12.214 TCP_MISS/401 1074 GET > > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html > > 1337976558.006 3128 192.168.12.214 TCP_MISS/401 466 GET > > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html > > 1337976559.462 59 192.168.12.214 TCP_MISS/401 1074 GET > > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html > > 1337976559.760 56 192.168.12.214 TCP_MISS/401 466 GET > > http://www.example.net/directory/ - DIRECT/x.x.x.x text/html > > > > I feel like I'm missing something obvious since the instructions on > > the wiki are quite simple. > > When I try the same website through a v2.7 squid it lets me login. > > Let me know if any other information is needed. > > Any help would be very much appreciated. > > Check the HTTP headers at each point before/after Squid for keep-alive. > There is something a little strange going on with HTTP/1.1 connections to > servers and NTLM keep-alive in 3.1.19. If you are able to do some code > digging that would help as well. > > Amos Hi Peter. I'm having the same issues with a IIS portal site. In 3.1 it doesn't work but with 2.7 it does. Have you managed to fix this problem by any chance? Kind Regards Jasper
