On 8/03/2017 11:28 p.m., Rietzler, Markus (RZF, Aufg 324 / <RIETZLER_SOFTWARE>) wrote: > i should add that we are using squid 3.5.24. > Try with "auth_param ntlm keep_alive off". Recently the browsers have been needing that. Though frankly I am surprised if Edge supports NTLM at all. It was deprecated in April 2006 and MS announced removal was being actively pushed in all thier software since Win7. > >> -----Ursprüngliche Nachricht----- >> Von: Rietzler, Markus >> >> we have some windows 10 clients using microsoft edge browser. >> access to internet is only allowed for authenticated users. we are using >> samba/winbind auth >> >> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5- >> ntlmssp >> auth_param ntlm children 64 startup=24 idle=12 >> auth_param ntlm keep_alive on >> acl auth_user proxy_auth REQUIRED >> >> on windows 10 clients with IE11 it is working (with ntlm automatic auth) >> on the same machine, with Microsoft edge I get TCP_Denied/407 message. >> seems I only get one single TCP_DENIED/407 line in accesslog and an auth >> dialog pops up. I have disabled basic auth via ntlm. >> shouldn't there be 3 lines for proxy auth? with IE11 I see those three >> lines (2x TCP_DENIED/407 and 1x TCP_MISS/200), no popup at all. Not specifically. There should be 1+ for NTLM. Success with NTLM shows 2+. Failure shows 1 or 3 or infinite loop (hello Safari and Firefox 30-ish). >> >> winbind/samba itself seems to work, as I can do an user auth against >> apache with winbind/samba - even over some squid proxies with >> connection-auth allowed. but not for proxy-auth. >> is there any option in squid.conf which prevents Edge to do a successful >> auth? If other software succeeds then the only thing that might be related is the keep-alive option mentioned above. Otherwise the problem is in Edge itself. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
