RE: [squid-users] Windows 2003 Strangeness from Dave Augustus on 2004-09-09 (squid-users)

From: Dave Augustus <davea@dont-contact.us>
Date: Thu, 09 Sep 2004 12:40:23 -0500

Did you compile Samba with kerberos 1.3? I am just guessing here but the
problem appears to be between your W2K3 servers and Squid.

This is a Samba configuration problem- whatever it is- you could try
posting there as well.

--
Dave
On Thu, 2004-09-09 at 12:03, Charlie Grosvenor wrote:
> Thank you for the response, the windows 2003 server is a member server of an
> NT 4 domain, no active directory. I have this problem on two all the windows
> 2003 member servers.
> 
> Squid.conf:
> 
> auth_param ntlm program /usr/bin/ntlm_auth domain/domaincontroller
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 5000
> auth_param ntlm max_challenge_lifetime 5 minutes
> 
> I am using the NTLM_AUTH binary that comes with samba v3.
> 
> Thank you 
> 
> -----Original Message-----
> From: Dave Augustus [mailto:davea@support.kcm.org] 
> Sent: 09 September 2004 17:56
> To: Charlie Grosvenor
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Windows 2003 Strangeness
> 
> How are authenticating? It sounds like you are using mixed-mode
> authentication: that is, the the old-style Domain Controller and the new
> Active Directory.
> 
> My guess is that:
> Your Squid box is using DC for authentication and the W2K3 server is using
> AD. Do you have the same problem on another W2K3 server ?
> 
> With Samba v3, you use the NTLM_AUTH  binary that it installs instead of the
> one that comes with Squid.
> 
> Let me know,
> --
> Dave 
> 
> On Thu, 2004-09-09 at 10:49, Charlie Grosvenor wrote:
> > I am using squid 2.5.6, with NTLM authentication. This works fine with 
> > IE6 on windows NT, 2000, XP clients, but with windows 2003 server, I 
> > get "Page cannot be displayed" when I set IE6 to use the proxy and in 
> > the squid access.log I get:
> >  
> > 1094744912.490      0 192.168.1.97 TCP_DENIED/407 1866 GET
> > http://www.microsoft.com/ - NONE/- text/html
> > 1094744912.664      0 192.168.1.97 TCP_DENIED/407 1792 GET
> > http://www.microsoft.com/ - NONE/- text/html
> > 1094744912.667      0 192.168.1.97 TCP_DENIED/407 1866 GET
> > http://www.microsoft.com/ - NONE/- text/html
> > 1094744912.824      0 192.168.1.97 TCP_DENIED/407 1792 GET
> > http://www.microsoft.com/ - NONE/- text/html
> > 1094744912.827      0 192.168.1.97 TCP_DENIED/407 1866 GET
> > http://www.microsoft.com/ - NONE/- text/html
> > 1094744912.976      0 192.168.1.97 TCP_DENIED/407 1792 GET
> > http://www.microsoft.com/ - NONE/- text/html
> > 1094744912.979      0 192.168.1.97 TCP_DENIED/407 1866 GET
> > http://www.microsoft.com/ - NONE/- text/html
> > 1094744913.136      0 192.168.1.97 TCP_DENIED/407 1792 GET
> > http://www.microsoft.com/ - NONE/- text/html
> > 1094744913.138      0 192.168.1.97 TCP_DENIED/407 1866 GET
> > http://www.microsoft.com/ - NONE/- text/html
> >  
> > Has anybody else experienced this with windows 2003 server? anybody 
> > know of a solution?
> > 
> > ______________________________________________________________________
> > This email has been scanned by the MessageLabs Email Security System.
> > For more information please visit http://www.messagelabs.com/email
> > ______________________________________________________________________
> 
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________

application/pgp-signature attachment: This is a digitally signed message part

Received on Thu Sep 09 2004 - 11:40:32 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:02 MDT