RE: [squid-users] squid using NTLM Authentication - failed to acc ess sites that required authentication

From: Wood, Jeremy <WoodJ@dont-contact.us>
Date: Mon, 16 Apr 2001 09:02:59 -0400

Sure ---

The problem I'm seeing with the fault I reported and the external site
authentication seperately. When I was trying to access sites that required
authentication via a pop-up box I recieved the same viewing error that
Borris did. However, if I turned NTLM off and used basic authentication and
tried the view the page again, I would get the pop-up login box for the
site. Is that what you were looking for??

----Jer

-----Original Message-----
From: Robert Collins [mailto:robert.collins@itdomain.com.au]
Sent: Monday, April 16, 2001 8:58 AM
To: Wood, Jeremy
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] squid using NTLM Authentication - failed to
access sites that required authentication

Could you answer the question I asked Boris?

You haven't previously indicated a correlation between the fault you
reported and external sites requireing authentication - was that an
oversight or are you seeing two distinct problems?

Thanks,
Rob

----- Original Message -----
From: "Wood, Jeremy" <WoodJ@metatec.com>
To: "'Robert Collins'" <robert.collins@itdomain.com.au>
Sent: Monday, April 16, 2001 10:55 PM
Subject: RE: [squid-users] squid using NTLM Authentication - failed to
access sites that required authentication

> I've been having the same problem. For example when trying to log
into
> Cisco TAC.
>
> Jeremy Wood
> Server Technologist
> Metatec International, Inc
> 614.761.2000 ext 4511
> woodj@metatec.com
>
> "So tell me, how do you chmod chmod?"
>
>
> -----Original Message-----
> From: Robert Collins [mailto:robert.collins@itdomain.com.au]
> Sent: Thursday, April 12, 2001 7:34 AM
> To: Boris Segal; squid-users@squid-cache.org
> Subject: Re: [squid-users] squid using NTLM Authentication - failed to
> access sites that required authentication
>
>
> That's unexpected. It works fine for authenticated sites using both
> basic and digest authentication.
>
> You're not trying to do "transparent proxying" and authentication at
the
> same time are you?
>
> The error about fixErrorHeader: state 4 indicates that an _already_
> authenticated client is sending authentication again.
>
> a) This should have been trapped eariler on in squid - I'll look into
> that.
> b) That is very bad behaviour on the clients part - or you are using
> transparent caching.
>
> Rob
>
> ----- Original Message -----
> From: "Boris Segal" <BORISSE@amdocs.com>
> To: <squid-users@squid-cache.org>
> Sent: Thursday, April 12, 2001 10:29 PM
> Subject: [squid-users] squid using NTLM Authentication - failed to
> access sites that required authentication
>
>
> > Hello,
> >
> > We are using squid proxy (Version 2.5) on Solaris 2.8 X86 platform.
> >
> > the squid run with NTLM authentication mode for internal users
> > authentication - this works fine.
> >
> > But, When trying to access web sites that require user
Authentication
> (by
> > opening new Authentication window) we failed.
> >
> > site for example: http://www.baker.edu/administration/ininfo/
> >
> > we get : The page cannot be displayed error page
> >
> > when not using the NTLM Authentication on the proxy we manage to get
> to
> > those sites.
> >
> > (https sites and sites that run a cgi authentication works fine
also -
> the
> > problem exist only when the other side require
> >
> > In the squid debug log we get :
> >
> > 2001/03/18 12:13:03| authenticateNTLMFixErrorHeader: state 4.
> >
> > 2001/03/18 12:13:03| storeDirWriteCleanLogs: Starting...
> >
> > 2001/03/18 12:13:03| WARNING: Closing open FD 17
> >
> > 2001/03/18 12:13:03| Finished. Wrote 20005 entries.
> >
> > 2001/03/18 12:13:03| Took 0.1 seconds (397137.4 entries/sec).
> >
> > FATAL: unexpected state in AuthenticateNTLMFixErrorHeader.
> >
> > Squid Cache (Version 2.5.DEVEL): Terminated abnormally.
> >
> > It seems that squid doing a restart to himself during this problem,
> that's
> > why we get the error : the page can't be displayed.
> >
> >
> >
> > Any ideas ?
> >
> > should we configure some how the header in such a way that the proxy
> won't
> > pass it to the remote site ?
> >
> > does the proxy actually pass the username that was taken from the
> header
> > (while authenticate) to the remote site ?
> >
> >
> >
> > Any help will be appriciate.
> >
> > Thank you,
> >
> > Boris Segal
> >
> >
>
Received on Mon Apr 16 2001 - 07:03:10 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:19 MST