RE: [squid-users] squid using NTLM Authentication - failed to acc ess sites that required authentication from Wood, Jeremy on 2001-04-16 (squid-users)

From: Wood, Jeremy <WoodJ@dont-contact.us>
Date: Mon, 16 Apr 2001 09:07:43 -0400

If by "transparent proxying" you mean NTLM Authen (Windows don't ask me a
password for authent) then yes.

----Jer

-----Original Message-----
From: Robert Collins [mailto:robert.collins@itdomain.com.au]
Sent: Monday, April 16, 2001 9:05 AM
To: Wood, Jeremy
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] squid using NTLM Authentication - failed to
access sites that required authentication

Partially. Are you using transparent proxying?

Rob

----- Original Message -----
From: "Wood, Jeremy" <WoodJ@metatec.com>
To: "'Robert Collins'" <robert.collins@itdomain.com.au>; "Wood, Jeremy"
<WoodJ@metatec.com>
Cc: <squid-users@squid-cache.org>
Sent: Monday, April 16, 2001 11:02 PM
Subject: RE: [squid-users] squid using NTLM Authentication - failed to
access sites that required authentication

> Sure ---
>
> The problem I'm seeing with the fault I reported and the external site
> authentication seperately. When I was trying to access sites that
required
> authentication via a pop-up box I recieved the same viewing error that
> Borris did. However, if I turned NTLM off and used basic
authentication and
> tried the view the page again, I would get the pop-up login box for
the
> site. Is that what you were looking for??
>
> ----Jer
>
> -----Original Message-----
> From: Robert Collins [mailto:robert.collins@itdomain.com.au]
> Sent: Monday, April 16, 2001 8:58 AM
> To: Wood, Jeremy
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] squid using NTLM Authentication - failed to
> access sites that required authentication
>
>
> Could you answer the question I asked Boris?
>
> You haven't previously indicated a correlation between the fault you
> reported and external sites requireing authentication - was that an
> oversight or are you seeing two distinct problems?
>
> Thanks,
> Rob
>
> ----- Original Message -----
> From: "Wood, Jeremy" <WoodJ@metatec.com>
> To: "'Robert Collins'" <robert.collins@itdomain.com.au>
> Sent: Monday, April 16, 2001 10:55 PM
> Subject: RE: [squid-users] squid using NTLM Authentication - failed to
> access sites that required authentication
>
>
> > I've been having the same problem. For example when trying to log
> into
> > Cisco TAC.
> >
> > Jeremy Wood
> > Server Technologist
> > Metatec International, Inc
> > 614.761.2000 ext 4511
> > woodj@metatec.com
> >
> > "So tell me, how do you chmod chmod?"
> >
> >
> > -----Original Message-----
> > From: Robert Collins [mailto:robert.collins@itdomain.com.au]
> > Sent: Thursday, April 12, 2001 7:34 AM
> > To: Boris Segal; squid-users@squid-cache.org
> > Subject: Re: [squid-users] squid using NTLM Authentication - failed
to
> > access sites that required authentication
> >
> >
> > That's unexpected. It works fine for authenticated sites using both
> > basic and digest authentication.
> >
> > You're not trying to do "transparent proxying" and authentication at
> the
> > same time are you?
> >
> > The error about fixErrorHeader: state 4 indicates that an _already_
> > authenticated client is sending authentication again.
> >
> > a) This should have been trapped eariler on in squid - I'll look
into
> > that.
> > b) That is very bad behaviour on the clients part - or you are using
> > transparent caching.
> >
> > Rob
> >
> > ----- Original Message -----
> > From: "Boris Segal" <BORISSE@amdocs.com>
> > To: <squid-users@squid-cache.org>
> > Sent: Thursday, April 12, 2001 10:29 PM
> > Subject: [squid-users] squid using NTLM Authentication - failed to
> > access sites that required authentication
> >
> >
> > > Hello,
> > >
> > > We are using squid proxy (Version 2.5) on Solaris 2.8 X86
platform.
> > >
> > > the squid run with NTLM authentication mode for internal users
> > > authentication - this works fine.
> > >
> > > But, When trying to access web sites that require user
> Authentication
> > (by
> > > opening new Authentication window) we failed.
> > >
> > > site for example: http://www.baker.edu/administration/ininfo/
> > >
> > > we get : The page cannot be displayed error page
> > >
> > > when not using the NTLM Authentication on the proxy we manage to
get
> > to
> > > those sites.
> > >
> > > (https sites and sites that run a cgi authentication works fine
> also -
> > the
> > > problem exist only when the other side require
> > >
> > > In the squid debug log we get :
> > >
> > > 2001/03/18 12:13:03| authenticateNTLMFixErrorHeader: state 4.
> > >
> > > 2001/03/18 12:13:03| storeDirWriteCleanLogs: Starting...
> > >
> > > 2001/03/18 12:13:03| WARNING: Closing open FD 17
> > >
> > > 2001/03/18 12:13:03| Finished. Wrote 20005 entries.
> > >
> > > 2001/03/18 12:13:03| Took 0.1 seconds (397137.4 entries/sec).
> > >
> > > FATAL: unexpected state in AuthenticateNTLMFixErrorHeader.
> > >
> > > Squid Cache (Version 2.5.DEVEL): Terminated abnormally.
> > >
> > > It seems that squid doing a restart to himself during this
problem,
> > that's
> > > why we get the error : the page can't be displayed.
> > >
> > >
> > >
> > > Any ideas ?
> > >
> > > should we configure some how the header in such a way that the
proxy
> > won't
> > > pass it to the remote site ?
> > >
> > > does the proxy actually pass the username that was taken from the
> > header
> > > (while authenticate) to the remote site ?
> > >
> > >
> > >
> > > Any help will be appriciate.
> > >
> > > Thank you,
> > >
> > > Boris Segal
> > >
> > >
> >
>
Received on Mon Apr 16 2001 - 07:07:50 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:19 MST