On 8/09/2012 12:56 a.m., Job wrote:
Hello Amos!
Excuse me but I lost your reply! :)
I work with explicit proxy WITH authentication, maybe I was wrong when writing my post.
Can I operate, with Windows 7 and Vista, this workaround in the registry?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
LmCompatibilityLevel at value 1.
Do you think it solves the problem?
It will disable NTLM security on those systems. Reducing them to LanMan
security (something like 8-bit encryption, which can be decrypted in
real time) using the "NTLM" tag in HTTP.
Any other ideas?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
LmCompatibilityLevel
IIRC... value 5 is Kerberos, value 4 is NTLMv2-only with security
extensions. 3 is NTLMv1-v2 only but no extra security extensions. You
could try one of those.
Best of all would be to roll out Kerberos everywhere and leave the new
OS at their preferred settings.
Amos
Thank you!
Francesco
________________________________________
From: Amos Jeffries [squid3@xxxxxxxxxxxxx]
Sent: Sunday, 5 August 2012 12:39
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re: I: Problem with some website and application
On 4/08/2012 3:50 a.m., Job wrote:
Hello,
I have used squid for about ten years, I grew up with squid!
Actually I have got a big problem, especially in public administration in Italy, when using NTLM authentication and explicit proxy.
Some websites and client-server applications do not work behind an explicit authenticated proxy; those are badly written, not W3C, and not working well.
I have to create some iptables bypasses and work with wpad.
Furthermore, some websites call other websites, so debugging the failed access becomes very very hard and takes lots of time, and customers say "but at home with home-dsl everything is fine! Why not at office?"
It is very frustrating, I am thinking of using only transparent proxy with no authentication scheme.
What do you think about it?
If it were possible for you to operate "transparent proxy" without
authentication, why are you not operating an "explicit proxy" without
authentication?
Or perhaps you could tell us what the problems you are facing are, what
systems are involved and what versions of the relative software. Noting
that Windows Vista and later are designed to work with Kerberos instead
of NTLM - which is likely the real cause of your problem.
Amos