Re: [squid-users] Authenticating to sharepoint NTLM

From: Javier Conti <javier.conti_at_gmail.com>
Date: Wed, 18 Apr 2012 23:18:05 +0200

On 18 April 2012 23:07, Simon Dwyer <mail_at_simmyd.net> wrote:
> I have seen this problem on a windows 7 and a Fedora 16 machine.  I
> think i can rule out the windows machine for once ;)
>
> I am using FF on the linux machine... is that known to have double ntlm
> issues?

It is known for Windows 7 (I don't know about Linux clients) to behave
differently from Windows XP.

As Clem suggested, there are a few settings that should make 7 behave
similarly to XP. I tried all of them (according to support at least) but
unfortunately, the problem persists.

I would be more than happy to know that someone is successfully doing
Integrated Windows Authentication through Squid with a Windows 7 client!

Regards, Javier

>
> Simon
>
> On Wed, 2012-04-18 at 19:36 +0200, Clem wrote:
>> Hello,
>>
>> Try to set "Send LM & NTLM - use NTLMv2 session security if negotiated"
>> in local policies (secpol.msc)
>>
>> Go to: Local Policies > Security Options
>>
>> Find "Network Security: LAN Manager authentication level"
>>
>> Change Setting from "Send NTLMv2 response only"
>> to
>> "Send LM & NTLM - use NTLMv2 session security if negotiated"
>>
>> Good luck !
>>
>>
>> Clem
>>
>> Le 18/04/2012 18:51, Javier Conti a écrit :
>> > On 18 April 2012 07:33, Simon Dwyer<mail_at_simmyd.net>  wrote:
>> >> Hi all,
>> >>
>> >> I have just implemented squid with kerberos + ntlm + basic
>> >> authentication.
>> >>
>> >> I have just been told accessing a sharepoint website on the internet has
>> >> stopped working.
>> >>
>> >> It seems the site is running NTLM authentcation.
>> >>
>> >> I have wiresharked the traffic on the proxy and can see the request come
>> >> in from the client then out to the web server and the NTLM fields are
>> >> left in place.
>> >>
>> >> The sharepoint server is responding with a 401 unauthroized.
>> >>
>> >> Where would be the next place to start looking?
>> > Are you trying with Windows 7 clients? If yes, have you tried with a Windows
>> > XP one?
>> >
>> > I'm facing the same problem (getting Integrated Windows Authentication to
>> > work through Squid) and as long as clients are Windows XP it works fine.
>> >
>> > If this is the case, I can tell you that we already tried to lower the
>> > security settings in Windows 7 to something comparable to those of Windows
>> > XP but still see differences in behaviour (and still have the problem)...
>> >
>> > Regards, Javier
>> >
>> > PS: excuse me OP if the message went through twice, but Andoird doesn't
>> > let me send plain text emails and the first one got bounced :(
>> >
>> >> I am running 3.1.10.
>> >>
>> >> Thanks all,
>> >>
>> >> Simon
>> >>
>
>
Received on Wed Apr 18 2012 - 21:18:12 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 19 2012 - 12:00:03 MDT