RE: [squid-users] NTLM tuning question

From: Van Bossche Koen <Koen.VanBossche@dont-contact.us>
Date: Mon, 24 Sep 2001 12:24:01 +0200

Thanks for replying Robert, my answers are between the lines.

BR/Koen

> -----Original Message-----
> From: Robert Collins [mailto:robert.collins@itdomain.com.au]
> Sent: 23 September 2001 08:43
> To: Van Bossche Koen; squid-users@squid-cache.org
> Subject: Re: [squid-users] NTLM tuning question
>
>
>
> ----- Original Message -----
> From: "Van Bossche Koen" <Koen.VanBossche@KONE.com>
> To: <squid-users@squid-cache.org>
> Sent: Friday, September 21, 2001 7:43 PM
> Subject: [squid-users] NTLM tuning question
>
>
> > How come the NTLM authentication works with or without
> filling in the
> > domain.
>
> I'm not surewhat you mean. Do you mean the domain in the pop
> up prompt,
> or a domain in the squid.conf file?
I mean the domain in the popup prompt. I does not seem to work the same as
the NT
authentication. I haven't checked, but would it also block after 3 times
wrong password?
 

> > The 2 parameters in the conf does not seem to make a
> difference. I use
> NTLM
> > without popping up the authentication box.
> > I have tested it for 2 weeks with 15 users and it occassionaly keeps
> popping
> > up. Sometimes when going back to the intranet and internet.
>
> The popups are caused by communications failures with the DC's. If you
> don't care about security you can turn on the ntlm fail open configure
> option, and configure the ntlm_auth helper to accept all
> usercodes when
> the DC cannot be communicated with.
>
> > Sometimes I suddenly get a box when the page is already displayed.
> This is
> > confusing for the users.
> > Does anyone can give me some advice on how to tune the NTLM
> authentication?
>
> I'm not sure what you are asking for. Do you have specific questions?
I would like to popup the NTLM just once every session, if it doesn't work
for me without password. Like we had it before with smb_auth. I have been
playing with the NTLM parameters within the squid.conf.
Though whatever I try I do not seem to get it right. I have done some tuning
on resolving with the host command and changed my resolv.conf file. Though
it doesn't change much.
At this moment I receive a popup box when I ask an internet page and when
the page is loaded it will give again a popup box.

My feeling is that NTLM is much more sensible than the other methods of
authentication.
With smb_auth it works fine. However I much rather would like to use the
NTLM method of authenticating and so do the users. It probably also has
something to do with the IPNET our company is using.

>
> Rob
>
Received on Mon Sep 24 2001 - 04:24:08 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:28 MST