This is a know misfeature when MS NTLM authentication is enabled on Internet
servers.. Squid and other HTTP compliand proxes needs to be taught that NTLM
authentication is not HTTP compliant and cannot be proxied (not even by MS
Proxy), and to remove ntlm from the list of available authentication shemes
proposed by proxied servers...
Thankfully only MS IE implements MS NTLM authentication.. And current
versions automatically disable the use of NTLM when configured to use a proxy.
Regards
Henrik
Madhav Diwan wrote:
> Thanks Henrik, i rather thought that there was little i could do about
> the redirect from the server.
>
>
> I have another question , this one involves the transparent proxy and
> authentication via Microsoft's Internet Explorer.
>
>
> If I try to login in to my outlook web access ( Exchange 2000 , with a
> external server as a active directory domain controller) via transparent
> proxy using Netscape :
>
> http://squidecacheaddy/exchange
>
> I get a user name and password fields,
>
> If i try from MSIE i get a user name, password, and domain name fields.
> I cannot seem to login using IE , it asks three times and then I get
> rejected. The domain name field can be empty or correct , it still does
> not authenticate.
>
> But the Netscape, Mozilla, and Opera browsers all work fine, none of
> these ever give me a domain name field to fill out.
>
> Is this something anyone has solved before?
>
> Would enabling squid to anonymize me help me out here .. IE the fact
> that I am using Internet Explorer could be concealed and maybe I would
> get though properly? Or does anonymizing not work with transparent
> proxy?
>
>
> Thanks
>
> Madhav
>
> On Wed, 2002-05-29 at 18:22, Henrik Nordstrom wrote:
> > Madhav Diwan wrote:
> > > Could someone please explain the difference between the Direct and
> > > Connect options and how and when they are used?
> >
> > What options? Where?
> >
> > There is no "Direct" or "Connect" options in Squid.
> >
> > > I would also like to
> > > know what effect these options have on redirection responses from a
> > > server behind a transparent proxy.
> >
> > I assume we are talking a reverse proxy here?
> >
> > Squid by default has no means of altering redirects sent by servers.
> >
> > > i get the initial password but then the url is rewritten by the
> > > server to http://www.mysquid.com/exchange , and i need to sign in again
> > > : since i have squid listening on both port 80 and port 443 this does
> > > not pose a problem ... the session takes place on http instead of
> > > https. But I want to continue using https....
> >
> > This can be one of two things
> >
> > a) A redirect sent by the server (log_mime_hdrs will tell you)
> >
> > b) A absolute URL encoded into the HTML form
> >
> > Regards
> > Henrik
Received on Thu May 30 2002 - 14:25:16 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:17 MST