RE: [squid-users] squid using NTLM Authentication - failed to access sites that required authentication

From: Wood, Jeremy <WoodJ@dont-contact.us>
Date: Mon, 16 Apr 2001 09:16:00 -0400

No, I am not using transparent proxying. All test users' browsers are
pointed directly to the squid proxy.

----Jer

-----Original Message-----
From: Robert Collins [mailto:robert.collins@itdomain.com.au]
Sent: Monday, April 16, 2001 9:15 AM
To: Wood, Jeremy
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] squid using NTLM Authentication - failed to
access sites that required authentication

No. I mean it in the traditional (but also incorrect) squid sense, where
the users don't have a configured proxy but a router using WCCP or a
unix router (using ipfilter/ipchains) intercepts the user TCP sessions
and redirects them to the squid server.

Rob

----- Original Message -----
From: "Wood, Jeremy" <WoodJ@metatec.com>
To: "'Robert Collins'" <robert.collins@itdomain.com.au>; "Wood, Jeremy"
<WoodJ@metatec.com>
Cc: <squid-users@squid-cache.org>
Sent: Monday, April 16, 2001 11:07 PM
Subject: RE: [squid-users] squid using NTLM Authentication - failed to
access sites that required authentication

> If by "transparent proxying" you mean NTLM Authen (Windows doesn't ask me
> for a password for authent) then yes.
>
> ----Jer
>
> -----Original Message-----
> From: Robert Collins [mailto:robert.collins@itdomain.com.au]
> Sent: Monday, April 16, 2001 9:05 AM
> To: Wood, Jeremy
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] squid using NTLM Authentication - failed to
> access sites that required authentication
>
>
> Partially. Are you using transparent proxying?
>
> Rob
>
> ----- Original Message -----
> From: "Wood, Jeremy" <WoodJ@metatec.com>
> To: "'Robert Collins'" <robert.collins@itdomain.com.au>; "Wood, Jeremy"
> <WoodJ@metatec.com>
> Cc: <squid-users@squid-cache.org>
> Sent: Monday, April 16, 2001 11:02 PM
> Subject: RE: [squid-users] squid using NTLM Authentication - failed to
> access sites that required authentication
>
>
> > Sure ---
> >
> > The problem I'm seeing with the fault I reported and the external site
> > authentication separately. When I was trying to access sites that required
> > authentication via a pop-up box I received the same viewing error that
> > Boris did. However, if I turned NTLM off and used basic authentication and
> > tried to view the page again, I would get the pop-up login box for the
> > site. Is that what you were looking for??
> >
> > ----Jer
> >
> > -----Original Message-----
> > From: Robert Collins [mailto:robert.collins@itdomain.com.au]
> > Sent: Monday, April 16, 2001 8:58 AM
> > To: Wood, Jeremy
> > Cc: squid-users@squid-cache.org
> > Subject: Re: [squid-users] squid using NTLM Authentication - failed to
> > access sites that required authentication
> >
> >
> > Could you answer the question I asked Boris?
> >
> > You haven't previously indicated a correlation between the fault you
> > reported and external sites requiring authentication - was that an
> > oversight or are you seeing two distinct problems?
> >
> > Thanks,
> > Rob
> >
> > ----- Original Message -----
> > From: "Wood, Jeremy" <WoodJ@metatec.com>
> > To: "'Robert Collins'" <robert.collins@itdomain.com.au>
> > Sent: Monday, April 16, 2001 10:55 PM
> > Subject: RE: [squid-users] squid using NTLM Authentication - failed to
> > access sites that required authentication
> >
> >
> > > I've been having the same problem. For example when trying to log into
> > > Cisco TAC.
> > >
> > > Jeremy Wood
> > > Server Technologist
> > > Metatec International, Inc
> > > 614.761.2000 ext 4511
> > > woodj@metatec.com
> > >
> > > "So tell me, how do you chmod chmod?"
> > >
> > >
> > > -----Original Message-----
> > > From: Robert Collins [mailto:robert.collins@itdomain.com.au]
> > > Sent: Thursday, April 12, 2001 7:34 AM
> > > To: Boris Segal; squid-users@squid-cache.org
> > > Subject: Re: [squid-users] squid using NTLM Authentication - failed to
> > > access sites that required authentication
> > >
> > >
> > > That's unexpected. It works fine for authenticated sites using both
> > > basic and digest authentication.
> > >
> > > You're not trying to do "transparent proxying" and authentication at the
> > > same time are you?
> > >
> > > The error about fixErrorHeader: state 4 indicates that an _already_
> > > authenticated client is sending authentication again.
> > >
> > > a) This should have been trapped earlier on in squid - I'll look into
> > > that.
> > > b) That is very bad behaviour on the client's part - or you are using
> > > transparent caching.
> > >
> > > Rob
> > >
> > > ----- Original Message -----
> > > From: "Boris Segal" <BORISSE@amdocs.com>
> > > To: <squid-users@squid-cache.org>
> > > Sent: Thursday, April 12, 2001 10:29 PM
> > > Subject: [squid-users] squid using NTLM Authentication - failed to
> > > access sites that required authentication
> > >
> > >
> > > > Hello,
> > > >
> > > > We are using squid proxy (Version 2.5) on Solaris 2.8 X86 platform.
> > > >
> > > > the squid runs with NTLM authentication mode for internal users
> > > > authentication - this works fine.
> > > >
> > > > But when trying to access web sites that require user Authentication (by
> > > > opening a new Authentication window) we failed.
> > > >
> > > > site for example: http://www.baker.edu/administration/ininfo/
> > > >
> > > > we get : The page cannot be displayed error page
> > > >
> > > > when not using the NTLM Authentication on the proxy we manage to get to
> > > > those sites.
> > > >
> > > > (https sites and sites that run a cgi authentication work fine also - the
> > > > problem exists only when the other side require
> > > >
> > > > In the squid debug log we get :
> > > >
> > > > 2001/03/18 12:13:03| authenticateNTLMFixErrorHeader: state 4.
> > > >
> > > > 2001/03/18 12:13:03| storeDirWriteCleanLogs: Starting...
> > > >
> > > > 2001/03/18 12:13:03| WARNING: Closing open FD 17
> > > >
> > > > 2001/03/18 12:13:03| Finished. Wrote 20005 entries.
> > > >
> > > > 2001/03/18 12:13:03| Took 0.1 seconds (397137.4 entries/sec).
> > > >
> > > > FATAL: unexpected state in AuthenticateNTLMFixErrorHeader.
> > > >
> > > > Squid Cache (Version 2.5.DEVEL): Terminated abnormally.
> > > >
> > > > It seems that squid is restarting itself during this problem, that's
> > > > why we get the error : the page can't be displayed.
> > > >
> > > >
> > > >
> > > > Any ideas ?
> > > >
> > > > should we somehow configure the header in such a way that the proxy won't
> > > > pass it to the remote site ?
> > > >
> > > > does the proxy actually pass the username that was taken from the header
> > > > (while authenticating) to the remote site ?
> > > >
> > > >
> > > >
> > > > Any help will be appreciated.
> > > >
> > > > Thank you,
> > > >
> > > > Boris Segal
> > > >
> > > >
> > >
> >
>
Received on Mon Apr 16 2001 - 07:16:04 MDT
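
The crash sequence in the debug log quoted above can be picked out of a cache.log mechanically. The following is an added example, not part of the original thread or of Squid itself; the names `find_crashes` and `Crash` are hypothetical, and the sample input is the excerpt from Boris's message.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt copied from the debug log quoted in the thread (blank lines dropped).
SAMPLE_LOG = """\
2001/03/18 12:13:03| authenticateNTLMFixErrorHeader: state 4.
2001/03/18 12:13:03| storeDirWriteCleanLogs: Starting...
2001/03/18 12:13:03| WARNING: Closing open FD 17
2001/03/18 12:13:03| Finished. Wrote 20005 entries.
2001/03/18 12:13:03| Took 0.1 seconds (397137.4 entries/sec).
FATAL: unexpected state in AuthenticateNTLMFixErrorHeader.
Squid Cache (Version 2.5.DEVEL): Terminated abnormally.
"""

QUOTE = re.compile(r"^(?:>\s*)+")  # e-mail quote markers, if pasted from a reply
STAMPED = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\|\s?(.*)$")
NTLM_STATE = re.compile(r"authenticateNTLMFixErrorHeader: state (\d+)")

@dataclass
class Crash:
    fatal: str                  # text after "FATAL:"
    last_seen: Optional[str]    # timestamp of the last stamped line before it
    ntlm_state: Optional[int]   # NTLM state logged shortly before, if any
    terminated: bool = False    # "Terminated abnormally" followed the FATAL

def find_crashes(text: str, window: int = 10) -> List[Crash]:
    """Return one Crash per FATAL line, with context from the lines before it."""
    crashes: List[Crash] = []
    recent = []  # last `window` (timestamp, message) pairs
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        if not line:
            continue
        m = STAMPED.match(line)
        if m:
            recent = (recent + [(m.group(1), m.group(2))])[-window:]
        elif line.startswith("FATAL:"):
            # FATAL lines carry no timestamp, so borrow the nearest one.
            state = None
            for _, msg in reversed(recent):
                hit = NTLM_STATE.search(msg)
                if hit:
                    state = int(hit.group(1))
                    break
            stamp = recent[-1][0] if recent else None
            crashes.append(Crash(line[len("FATAL:"):].strip(), stamp, state))
            recent = []
        elif "Terminated abnormally" in line and crashes:
            crashes[-1].terminated = True
    return crashes
```
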

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:20 MST