RE: [squid-users] Authentication issue through the proxy

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 03 Mar 2003 17:23:17 +0100

You cannot use Microsoft Integrated Login to web servers via Squid (or
mostly any other Proxy).

This does not mean that you cannot use Microsoft Integrated Login to the
proxy and plain Basic authentication to the web server.

See http://www.squid-cache.org/Versions/v2/2.5/bugs/ for an option to
make web server authentication a bit more stable when using proxies.
There you can find a patch to Squid which will make Squid remove any
proposals which is known not to be possible to proxy (Microsoft NTLM or
NEGOTIATE authentication).

Regards
Henrik

mån 2003-03-03 klockan 15.16 skrev Scott Wrosch:
> Grrr.. I love sending an email when I don't mean to. I looked a little
> further into this after having written the email. Didn't mean to send
> it, but I did anyways. Whoops.
>
> Anyways, according to what I've found, it's because I'm using NTLM
> through a proxy server.
>
> I have found a solution to take care of it on the web server (which I'm
> not sure if they'll like, but I can't do anything today because the guy
> who handles it is out sick). So the question then is there anything I
> can do through Squid to take care of it? Besides not use wb_ntlmauth?
>
> Thanks again,
>
> Scott Wrosch
> desk 248.333.7700 x227
> email swrosch@marketingassociates.com
>
> > -----Original Message-----
> > From: Scott Wrosch
> > Sent: Monday, March 03, 2003 9:07 AM
> > To: squid-users@squid-cache.org
> > Subject: [squid-users] Authentication issue through the proxy
> >
> > Good morning!
> >
> > So I've got everything up and running the way I want it to. Of
> course,
> > a few more monkey wrenches get tossed in the machine, but that's not a
> > problem that I can't handle (I just have to get the ambition to
> actually
> > take care of it).
> >
> > But, an issue has arisen. We have an "internal" site that we can't
> get
> > to through the proxy. It's actually a site we can get to outside of
> our
> > LAN as well, but we only have issues getting to it from inside the LAN
> > when using the proxy.
> >
> > Here's a snippet of the web page error that I get:
> >
> > >HTTP 401.2 - Unauthorized: Logon failed due to server configuration
> > >Internet Information Services
> > >
> > >Technical Information (for support personnel)
> > >
> > >Background:
> > >This is usually caused by a server-side script not sending the proper
> > WWW->Authenticate header field. Using Active Server Pages scripting
> this
> > is done >by using the AddHeader method of the Response object to
> request
> > that the >client use a certain authentication method to access the
> > resource.
> >
> > Now to me, that tells me that the server is set up wrong. But, here's
> a
> > snippet of the access.log file as well:
> >
> > 1046700592.012 2 192.1.1.72 TCP_DENIED/407 1799 GET
> > http://www.marketingassociates.com/internal - NONE/- text/html
> > 1046700592.020 2 192.1.1.72 TCP_DENIED/407 1795 GET
> > http://www.marketingassociates.com/internal - NONE/- text/html
> > 1046700592.052 30 192.1.1.72 TCP_MISS/401 4630 GET
> > http://www.marketingassociates.com/internal ma\swros DIRECT/10.10.0.94
> > text/html
> >
> > To me, everything looks fine. I have no problems accessing any of the
> > other "internal" sites (a billing site and the Exchange server).
> >
> > But, with that being said, I've heard that it's an authentication
> issue
> > with an MS product. And, from what I've seen on the mailing list,
> that
> > is indeed the case.
> >
> > So my question then is there any way around it? Whether it be a
> setting
> > that I might have to have changed on the server hosting the page, or a
> > setting in Squid, it doesn't matter to me.
> >
> > Thanks in advance!
> >
> > Scott Wrosch
> > desk 248.333.7700 x227
> > email swrosch@marketingassociates.com
> >
> > "Our greatest glory is not in never falling
> > but in rising every time we fall." -- Confucius

-- 
Henrik Nordstrom <hno@squid-cache.org>
MARA Systems AB, Sweden
Received on Mon Mar 03 2003 - 09:23:25 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:54 MST