RE: [squid-users] RE: NTLM error

From: Dawie Pretorius <dawie_at_tradebridge.co.za>
Date: Fri, 19 Mar 2010 16:42:21 +0200

Hello Amos

Thanks I will look into that.

And I apologize for adding that, didn't even know that was added :D

Have a good weekend... :D

Dawie Pretorius

Pretorius wrote:
> Hi is it possible that someone can come back to me on this request.
>
> Thank you
>
> Dawie Pretorius
>

Maybe yes, maybe no.

You did add this:
"
> message and may be subject to legal privilege. Access to this e-mail
> by anyone other than the intended is unauthorised. If you are not the
> intended recipient (or responsible for delivery of the message to
> such person), you may not use, copy, distribute or deliver to anyone
> this message (or any part of its contents ) or take any action in
"

Sigh. Some people who might have answered will be legally bound not to
or risk their employment.

/joke.

>
> -----Original Message-----
> From: Dawie Pretorius [mailto:dawie_at_tradebridge.co.za]
> Sent: 11 March 2010 10:40 AM
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] NTLM error
>
> Hi,
>
> I continually have this error inside my /var/log/squid/cache.log:
>
> [2010/03/05 12:40:02, 1] libsmb/ntlmssp.c:ntlmssp_update(334)
> got NTLMSSP command 3, expected 1

A client is using kerberos (aka "3") to respond to your NTLM (aka "1")
challenge.
  * Find out what client browser this is its really rather broken, and
if possible why it's acting this way.
  * Look into implementing Kerberos auth in your network. NTLM is
officially deprecated by MS now, and apparently not supported in Windows 7.

>
> And getting a authentication pop up.
>
> I found this article about this issue:
>
> http://www1.il.squid-cache.org/mail-archive/squid-dev/200906/0041.html
>
> This article states that there is a workaround:
>
> "The workaround is pretty simple - just enable the IP auth cache."
>

I think they mean that storing the auth credentials and re-using them
for the IP gets around it.

Not a good solution at all. And squid does not support auth cache for
NTLM type protocols anyway. Which means you need to be using insecure
Basic auth for it to work.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
   Current Beta Squid 3.1.0.18
 
Note: Privileged/Confidential information may be contained in this message and may be subject to legal privilege. Access to this e-mail by anyone other than the intended is unauthorised. If you are not the intended recipient (or responsible for delivery of the message to such person), you may not use, copy, distribute or deliver to anyone this message (or any part of its contents ) or take any action in reliance on it. All reasonable precautions have been taken to ensure no viruses are present in this e-mail. As our company cannot accept responsibility for any loss or damage arising from the use of this e-mail or attachments we recommend that you subject these to your virus checking procedures prior to use. The views, opinions, conclusions and other information expressed in this electronic mail are not given or endorsed by the company unless otherwise indicated by an authorized representative independent of this message.
Received on Fri Mar 19 2010 - 14:42:38 MDT

This archive was generated by hypermail 2.2.0 : Fri Mar 19 2010 - 12:00:05 MDT