RE: [squid-users] unexpected state in AuthenticateNTLMFixErrorHea der (squid crash) from Garner, Robin on 2001-05-01 (squid-users)

From: Garner, Robin <Robin.Garner@dont-contact.us>
Date: Wed, 2 May 2001 11:22:26 +1000

Sorry, - not making myself clear.

Do Microsoft proxies have some hack that lets them proxy NTLM authentication
? It's an issue I run into, because our Intranet server is IIS. A
misconfigured client occasionally tries to access the Intranet via the
proxy, and of course gets rejected.

Cheers

-----Original Message-----
From: Robert Collins [mailto:robert.collins@itdomain.com.au]
Sent: Wednesday, 2 May 2001 10:54
To: Garner, Robin; 'Henrik Nordstrom'
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] unexpected state in
AuthenticateNTLMFixErrorHea der (squid crash)

----- Original Message -----
From: "Garner, Robin" <Robin.Garner@crsrehab.gov.au>
To: "'Henrik Nordstrom'" <hno@hem.passagen.se>
Cc: <squid-users@squid-cache.org>
Sent: Wednesday, May 02, 2001 10:49 AM
Subject: RE: [squid-users] unexpected state in
AuthenticateNTLMFixErrorHea der (squid crash)

> The server (one of the servers) in question is definitely apache, so
it's
> Basic or Digest authentication. I've seen your past comments about
NTLM
> authentication.

The sample page you gave before looks fine. This is a bug in squid.

> Can anyone on the list verify that Microsoft proxy servers suffer the
same
> problem ?

No need. They don't. Squid shouldn't either.

NTLM from client-squid should not cause this problem... During building
the NTLM support I test this exact case. So something funny is occuring.

Rob

> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@hem.passagen.se]
> Sent: Wednesday, 2 May 2001 0:13
> To: Garner, Robin
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] unexpected state in
> AuthenticateNTLMFixErrorHea der (squid crash)
>
>
> Garner, Robin wrote:
> >
> > The other problem is that you can't access some Internet sites that
> > require authorization - the proxy doesn't seem to proxy the
> > authorization request. I'm not sure what authentication methods are
> > affected.
>
> NTLM authentication cannot be proxied due to a design flaw by MS in
NTLM
> authentication.
>
> Basic and Digest authentication should be proxied fine, and should
also
> work fine even if you are using NTLM authentication to authenticate to
> the proxy.
>
> --
> Henrik Nordstrom
> Squid Hacker
>
Received on Tue May 01 2001 - 19:20:24 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:47 MST