Re: [squid-users] Squid + Windows 7 + itunes / BB / MobileMe

From: Alex Marsal <alex.marsal_at_carglass.es>
Date: Mon, 07 Jun 2010 13:32:36 +0200

Actually we are not migrate all our boxes, just introducing Windows7
and found this problem.

What would be the best to fix this?

I found this (not sure if that's the same issue):

Run local GP on W7. Look for local machine policy-> computer
config->windows setting->local policies->security option->Network
security: LAN Manager authentication level

Set LM & NTLM - Use NTLMv2 session if negotited

Can I fix it with gpo settings? Which ones?

thank you guys

Amos Jeffries <squid3_at_treenet.co.nz> ha escrito:

> Alex Marsal wrote:
>> I think actually we're using this one:
>>
>> /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
>>
>> Which other helper should we use?
>
> For NTLM the Samba helper (looks like that one) is the best to use.
>
>
> The problem may be that Win7 and these apps in particular no longer

> support NTLM by default.
>
> Microsoft had an announcement a while back to the effect that they
> were phasing out NTLM over the Vista lifespan and it would be
> officially dead in Win7. That seems to have been roughly accurate
> going by peoples experiences.
>
> Here is a KB article on the LMv2 disabling
> http://support.microsoft.com/kb/976918
>
> If your plan is to have the network Win7 based then Kerberos is
> recommended as the protocol to migrate to. It's more secure by way
of
> better encryption and less network heavy than NTLM.
>
> If you wish to retain XP on most and simply migrate a "few" Win7
> boxes, you get stuck doing these setting changes.
>
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.4
>

AVISO: Este mensaje y todos los anexos transmitidos con el mismo han sido enviados para el uso exclusivo del destinatario y pueden contener información confidencial o privilegiada. Si su receptor no fuera el destinatario o persona que se responsabilice de su entrega al mismo, por el presente se le informa que la difusión, distribución, copia u otro uso de este mensaje o sus anexos esta estrictamente prohibida. Si hubiera recibido este mensaje por error, rogamos lo notifique, al remitente de inmediato, nos lo haga saber y lo elimine de su ordenador. Queda prohibida la utilización o difusión no autorizada de este mensaje. Le recordamos que las comunicaciones a través de Internet no son seguras, pudiendo ser interceptadas por terceros. Por favor, considere su responsabilidad con el medio ambiente antes de imprimir este correo electrónico.

DISCLAIMER: The e-mail message and all attachments transmitted with it are intended solely for the use of the addressee and may contain legally privileged and confidential information. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to this message and please delete it from your computer. Any use or retransmission without proper authorisation is prohibited. You are cautioned that any communication over the Internet is not secure and may be intercepted by third parties. Please consider your environmental responsibility before printing this e-mail.
Received on Mon Jun 07 2010 - 11:32:55 MDT

This archive was generated by hypermail 2.2.0 : Mon Jun 07 2010 - 12:00:03 MDT