Re: [squid-users] Can't access IIS website with Integrated Windows Authentication, why?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 23 Feb 2012 17:33:49 +1300

On 22/02/2012 5:30 p.m., Jiang Wen Dong wrote:
> I have 2 IIS website with Integrated Windows Authentication.
>
> Users access internet and these 2 websites by squid.
> Access internet is ok, but can’t access these 2 websites.
>
> I have tied v3.1 and v3.2 with default config, but the problem still there.
>
> It seems squid cut off www-auth information.
>
> Anybody can help me with this?

Is squid operating in forward or reverse proxy mode?
* forward proxy never touch www-auth headers
* reverse proxy are where the auth is destined to be tested. Squid will
attempt to validate them using your configured auth_param.
NP: login using NTLM credentials to a backend is not supported. (what
often appears to be a "relay" is actually Squid logging into the backend
itself).

Is the website on the local LAN or out on the Internet?
* NTLM requires end-to-end connectivity. Many Internet links do not
provide those guarantees since proxy gateways and NAT were invented.

Do you have persistent connections enabled or disabled?
* NTLM requires them.

Amos
Received on Thu Feb 23 2012 - 04:33:53 MST

This archive was generated by hypermail 2.2.0 : Thu Feb 23 2012 - 12:00:04 MST