-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/07/2014 09:50 PM, Marcel wrote: > Hello, > > I have some more information. The problem seems to have nothing to > do with samba, krb5 or anything else. I set up a new squid that > isn't in the AD and doesn't use any kind of authentication at all. > > I have the exact same problem. Here is my POC squid.conf: > > acl localnet src all http_access allow all http_port 3128 > > > That is the entire configuration in my tests. As you can see, it > is absolutely impossible for it to be a configuration issue. > > Why can't I log on to a NTLM protected website with Internet > Explorer when going over a squid proxy? > > It works fine in Firefox. Hey Marcel, Since it works on 3.4.8 and it doesn't work on 3.3 or 3.2 the basic step would be to take a look at the packets\sessions to see what is different between firefox and ie while only then compare newer versions of squid to older. NTLM should work in a the basic path: 1 - request 2 - 407 response 3 - negotiation 4 - new request with auth details What have verified until now in the session\packets level? Eliezer -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUPDoWAAoJENxnfXtQ8ZQU/BYH/0iEE/+lDd+SiubNNcavmvXz bPRAMtXSK64OehMYZwH1mnCIvUylPW3Vjv3cMjrh4uJIPIn7/WdwudniuNoxzSk7 PZEtkZYD9ZL68ns55yU7mDdDoudzRkkveplNvvmhB42Pq1OX9Nq1trPJUnfhvGJZ iuVvE25ZIKqVNMJN+Dp9e0M6FZZ85ZVwyz2AlGI4GAnD/sIqJOKLSp/aQYgyGvYt rE+cNQb0nypyMjc1c5uoDVB2AFh3nN5H9HMiG+S6vRdRxXMEm6d0hO6x54ZzvEYy WBpU+CDMjcA/6aCUwx4irFEuFBKpy9ni7a01es3B1Tn5NoDyJW8bJz2F5WGbhVw= =nyav -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
