RE: [squid-users] RE: NTLM error

From: Dawie Pretorius <dawie_at_tradebridge.co.za>
Date: Fri, 19 Mar 2010 16:43:30 +0200

Hello Jeff

Thanks for help and the link, finally an answer that I can work with :D

Thanks again.

Dawie Pretorius

Dawie,

Welcome to the squid "It's Microsoft and it's broke, so it's not our
fault" list.

I had the same problem and did find a work around that seems to stop
the pop-up authentication.
The hack is to change the registry setting MaxConnectionsPerServer to
1. This is a
link for setting the registry value: http://support.microsoft.com/kb/282402

I believe the squid connection pinning code is wrong but I can't get
anyone to believe me.

Jeff F>

On Fri, Mar 19, 2010 at 8:30 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> Dawie Pretorius wrote:
>>
>> Hi is it possible that someone can come back to me on this request.
>>
>> Thank you
>>
>> Dawie Pretorius
>>
>
> Maybe yes, maybe no.
>
> You did add this:
> "
>> message and may be subject to legal privilege. Access to this e-mail
>> by anyone other than the intended is unauthorised. If you are not the
>> intended recipient (or responsible for delivery of the message to
>> such person), you may not use, copy, distribute or deliver to anyone
>> this message (or any part of its contents ) or take any action in
> "
>
> Sigh. Some people who might have answered will be legally bound not to or
> risk their employment.
>
> /joke.
>
>>
>> -----Original Message-----
>> From: Dawie Pretorius [mailto:dawie_at_tradebridge.co.za] Sent: 11 March 2010
>> 10:40 AM
>> To: squid-users_at_squid-cache.org
>> Subject: [squid-users] NTLM error
>>
>> Hi,
>> I continually have this error inside my /var/log/squid/cache.log:
>>
>> [2010/03/05 12:40:02, 1] libsmb/ntlmssp.c:ntlmssp_update(334)
>> got NTLMSSP command 3, expected 1
>
> A client is using kerberos (aka "3") to respond to your NTLM (aka "1")
> challenge.
> * Find out what client browser this is its really rather broken, and if
> possible why it's acting this way.
> * Look into implementing Kerberos auth in your network. NTLM is officially
> deprecated by MS now, and apparently not supported in Windows 7.
>
>>
>> And getting a authentication pop up.
>>
>> I found this article about this issue:
>>
>> http://www1.il.squid-cache.org/mail-archive/squid-dev/200906/0041.html
>>
>> This article states that there is a workaround:
>>
>> "The workaround is pretty simple - just enable the IP auth cache."
>>
>
> I think they mean that storing the auth credentials and re-using them for
> the IP gets around it.
>
> Not a good solution at all. And squid does not support auth cache for NTLM
> type protocols anyway. Which means you need to be using insecure Basic auth
> for it to work.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
> Current Beta Squid 3.1.0.18
>
 
Note: Privileged/Confidential information may be contained in this message and may be subject to legal privilege. Access to this e-mail by anyone other than the intended is unauthorised. If you are not the intended recipient (or responsible for delivery of the message to such person), you may not use, copy, distribute or deliver to anyone this message (or any part of its contents ) or take any action in reliance on it. All reasonable precautions have been taken to ensure no viruses are present in this e-mail. As our company cannot accept responsibility for any loss or damage arising from the use of this e-mail or attachments we recommend that you subject these to your virus checking procedures prior to use. The views, opinions, conclusions and other information expressed in this electronic mail are not given or endorsed by the company unless otherwise indicated by an authorized representative independent of this message.
Received on Fri Mar 19 2010 - 14:43:40 MDT

This archive was generated by hypermail 2.2.0 : Fri Mar 19 2010 - 12:00:05 MDT