Re: [squid-users] Authenticating to sharepoint NTLM

From: Simon Dwyer <mail_at_simmyd.net>
Date: Thu, 19 Apr 2012 08:05:11 +1000

Hi Javier,

Well you will be glad to know that i am using IWA with windows 7 and its
working great it most part.

by IWA i mean using negotiated kerberos authentication which is what i
think IWA basically is

There are just a few hicckups that happen but that also happens with
NTLM being this issue.

I also cannot get itunes to use the proxy properly with authentication
due to 100 popups asking for passwords.

I will be working on this sharepoint issue more tomorrow however.

Cheers,

Simon

On Wed, 2012-04-18 at 23:18 +0200, Javier Conti wrote:
> On 18 April 2012 23:07, Simon Dwyer <mail_at_simmyd.net> wrote:
> > I have seen this problem on a windows 7 and a Fedora 16 machine. I
> > think i can rule out the windows machine for once ;)
> >
> > I am using FF on the linux machine... is that known to have double ntlm
> > issues?
>
> It is known for Windows 7 (I don't know about Linux clients) to behave
> differently from Windows XP.
>
> As Clem suggested, there are a few settings that should make 7 behave
> similarly to XP. I tried all of them (according to support at least) but
> unfortunately, the problem persists.
>
> I would be more than happy to know that someone is successfully doing
> Integrated Windows Authentication through Squid with a Windows 7 client!
>
> Regards, Javier
>
> >
> > Simon
> >
> > On Wed, 2012-04-18 at 19:36 +0200, Clem wrote:
> >> Hello,
> >>
> >> Try to set "Send LM & NTLM - use NTLMv2 session security if negotiated"
> >> in local policies (secpol.msc)
> >>
> >> Go to: Local Policies > Security Options
> >>
> >> Find "Network Security: LAN Manager authentication level"
> >>
> >> Change Setting from "Send NTLMv2 response only"
> >> to
> >> "Send LM & NTLM - use NTLMv2 session security if negotiated"
> >>
> >> Good luck !
> >>
> >>
> >> Clem
> >>
> >> Le 18/04/2012 18:51, Javier Conti a écrit :
> >> > On 18 April 2012 07:33, Simon Dwyer<mail_at_simmyd.net> wrote:
> >> >> Hi all,
> >> >>
> >> >> I have just implemented squid with kerberos + ntlm + basic
> >> >> authentication.
> >> >>
> >> >> I have just been told accessing a sharepoint website on the internet has
> >> >> stopped working.
> >> >>
> >> >> It seems the site is running NTLM authentcation.
> >> >>
> >> >> I have wiresharked the traffic on the proxy and can see the request come
> >> >> in from the client then out to the web server and the NTLM fields are
> >> >> left in place.
> >> >>
> >> >> The sharepoint server is responding with a 401 unauthroized.
> >> >>
> >> >> Where would be the next place to start looking?
> >> > Are you trying with Windows 7 clients? If yes, have you tried with a Windows
> >> > XP one?
> >> >
> >> > I'm facing the same problem (getting Integrated Windows Authentication to
> >> > work through Squid) and as long as clients are Windows XP it works fine.
> >> >
> >> > If this is the case, I can tell you that we already tried to lower the
> >> > security settings in Windows 7 to something comparable to those of Windows
> >> > XP but still see differences in behaviour (and still have the problem)...
> >> >
> >> > Regards, Javier
> >> >
> >> > PS: excuse me OP if the message went through twice, but Andoird doesn't
> >> > let me send plain text emails and the first one got bounced :(
> >> >
> >> >> I am running 3.1.10.
> >> >>
> >> >> Thanks all,
> >> >>
> >> >> Simon
> >> >>
> >
> >
Received on Wed Apr 18 2012 - 22:05:20 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 19 2012 - 12:00:03 MDT