Re: [squid-users] Squid 3.1 NTLM Passthrough (SSO) to IIS with Firefox

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 09 Nov 2011 01:45:08 +1300

On 9/11/2011 1:11 a.m., Bartschies, Thomas wrote:
> Hi,
>
> our setup is:
> Firefox 7.0.1, Squid 3.1.16 and Sharepoint Server on IIS.
> In Firefox we've set already:
> network.automatic-ntlm-auth.trusted-uris to the server address
> network.automatic-ntlm-auth.allow-proxies = true (default)
>
> in squid.conf, we've tried some combinations of the following settings,
> having the current settings this way:
> client_persistent_connections on
> server_persistent_connections on

Right the above need to be on for NTLM to work properly.

> pipeline_prefetch off
>
> Every time we try to connect to the sharepoint site, the browser
> authentication box pops up. Even when we supply
> correct credentials, the request for them pops up again. Making it
> impossible to logon to the site.
>
> Internet Explorer 8/9 works fine. Google Chrome 15 also requests
> credentials once and then logon works.
>
> First question is: Should this even work with Firefox, or is it known
> not to?

It is known to work as seamlessly as IE when setup properly.

This sounds like

>
> If it should work, what other settings we've possibly missed?

There is nothing special for Firefox. Since the other browsers are
working fine (through the proxy?) it suggests a config issue setting up
firefox.

>
> Connection pinning seems to be working, if I'm reading the traces
> correctly. Sharepoint answers with HTTP Code 401.
>
> Our Proxy Setup is open. There are absolutely no client address
> restrictions and we're also not using proxy authentication.
> So there's not ntlm_auth helper in use.
>
> Kind regards,
> Thomas

Amos
Received on Tue Nov 08 2011 - 12:45:13 MST

This archive was generated by hypermail 2.2.0 : Wed Nov 09 2011 - 12:00:03 MST