RE: [squid-users] unexpected state in AuthenticateNTLMFixErrorHea der (squid crash)

The answer is still no, they don't. Have a look at the squid FAQ on
authentication - there are links to the relevant MS Technet technotes.

===detail===

MS Proxy server has 3 different proxies
WINSOCK
SOCKS (4 only I think)
HTTP.

It can proxy HTTP w/NTLM auth using the WINSOCK or SOCKS proxies, but it
cannot do it via the HTTP proxy. (WINSOCK and SOCKS provide tunnel-mode
proxy , not request based like http).

Dante is a open source SOCKS and WINSOCK proxy server that you might
like to look into... but it won't help your misconfigured clients :-/

Rob

  
-----Original Message-----
From: Garner, Robin [mailto:Robin.Garner@crsrehab.gov.au]
Sent: Wednesday, May 02, 2001 11:22 AM
To: Robert Collins; 'Henrik Nordstrom'
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] unexpected state in
AuthenticateNTLMFixErrorHea der (squid crash)

Sorry, - not making myself clear.
Do Microsoft proxies have some hack that lets them proxy NTLM
authentication ? It's an issue I run into, because our Intranet server
is IIS. A misconfigured client occasionally tries to access the
Intranet via the proxy, and of course gets rejected.

 
Cheers
-----Original Message-----
From: Robert Collins [mailto:robert.collins@itdomain.com.au]
Sent: Wednesday, 2 May 2001 10:54
To: Garner, Robin; 'Henrik Nordstrom'
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] unexpected state in
AuthenticateNTLMFixErrorHea der (squid crash)

----- Original Message -----
From: "Garner, Robin" <Robin.Garner@crsrehab.gov.au>
To: "'Henrik Nordstrom'" <hno@hem.passagen.se>
Cc: <squid-users@squid-cache.org>
Sent: Wednesday, May 02, 2001 10:49 AM
Subject: RE: [squid-users] unexpected state in
AuthenticateNTLMFixErrorHea der (squid crash)

> The server (one of the servers) in question is definitely apache, so
it's
> Basic or Digest authentication. I've seen your past comments about
NTLM
> authentication.
The sample page you gave before looks fine. This is a bug in squid.
> Can anyone on the list verify that Microsoft proxy servers suffer the
same
> problem ?
No need. They don't. Squid shouldn't either.
NTLM from client-squid should not cause this problem... During building
the NTLM support I test this exact case. So something funny is occuring.

Rob
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@hem.passagen.se]
> Sent: Wednesday, 2 May 2001 0:13
> To: Garner, Robin
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] unexpected state in
> AuthenticateNTLMFixErrorHea der (squid crash)
>
>
> Garner, Robin wrote:
> >
> > The other problem is that you can't access some Internet sites that
> > require authorization - the proxy doesn't seem to proxy the
> > authorization request. I'm not sure what authentication methods are

> > affected.
>
> NTLM authentication cannot be proxied due to a design flaw by MS in
NTLM
> authentication.
>
> Basic and Digest authentication should be proxied fine, and should
also
> work fine even if you are using NTLM authentication to authenticate to

> the proxy.
>
> --
> Henrik Nordstrom
> Squid Hacker
>
Received on Tue May 01 2001 - 20:04:33 MDT