Re: [squid-users] Squid authentication & IE6

From: Mike Diggins <diggins@dont-contact.us>
Date: Fri, 20 Sep 2002 09:08:08 -0400 (Eastern Daylight Time)

Graeme,

Thanks for the update. Did Microsoft say if this file was for a specific
version of Windows or would it work for any release (W98, W2K, XP)?

-Mike

On Fri, 20 Sep 2002, Graeme wrote:

> here is the best resolution i could get from microsoft
>
> overwrite the wininet.dll in /winnt/system32/ddlcache and
> /winnt/system32 within the attached file. i have tested and it works..
>
> another great resolution from microsoft
>
>
> cheers
> Graeme
>
>
> Wei Keong wrote:
> >
> > Hi Mike,
> >
> > Does 'Enable Integrated Windows Auth' help in your IE6 SP1 - Win2K?
> >
> > I tried that on IE6 SP1 - Win98, does not seem to help. I think MS made
> > more authentication changes to IE6 SP1 (not responding to
> > negotiate challenge at all).
> >
> > Hi Graeme,
> >
> > We also notice a similar problem in IE6 SP1. I wonder what the browser
> > has sent (together with the password) such that it triggers Squid to
> > return the reset packet.
> >
> > I think this browser will annoy a lot of users. How do we go about
> > escalating this to the IE engineers?
> >
> > Rgds,
> > Wei Keong
> >
> > On Thu, 19 Sep 2002, Graeme wrote:
> >
> > > Guy
> > >
> > > i hope this problem has not been asked before, but i have scoured the
> > > archive and have found nothing
> > >
> > > setup is as follows
> > >
> > > linux redhat 7.3 kernel 2.4.18-3
> > > squid 2.4 stable 7
> > > radius auth to mysql db
> > > browsers proxy directly to squid
> > > browser ie6 sp1 on xp
> > >
> > > if i use any browser on any OS except the one listed above every thing
> > > works fine.. i get prompted for auth , and off i go
> > >
> > > if i use ie6 sp1 i get asked for auth. and the browser says page cannot
> > > be displayed. If i give the incorrect password the browser does not re
> > > prompt me for authentication (like it does on other browsers).
> > > if i supply the correct password and get page cannot be displayed, a click
> > > of the refresh button gets everything working fine... from then on it
> > > is fine unless i close the browser
> > >
> > > tcpdump reveals a reset packet from the squid box as soon as i submit my
> > > password. Any other browser does not elicit a reset packet.
> > >
> > > i took a xp pc with default install.. tested and it works like a
> > > dream. as soon as i upgrade the ie6 to sp1 i get this problem. so it
> > > would appear that it is directly related to ie6 sp1.
> > >
> > > if i turn auth off on the proxy all browsers work.
> > >
> > > it of course is the end of the world... no one can click refresh once a
> > > day.. so any help would be appreciated
> > >
> > >
> > > cheers
> > >
> > > Graeme
> >
> > On Thu, 19 Sep 2002, Mike Diggins wrote:
> >
> > >
> > > IE6 has been working without error for me since it was released. I
> > > verified this again just now. However, I installed IE6 SP1 on my Windows
> > > 2000 computer today at work and the problem appeared immediately. The
> > > login box appears, I type in my credentials and then get a "The Page
> > > cannot be displayed" message. Typing in another URL such as www.yahoo.com
> > > doesn't work well either. However, clicking the refresh button seems to
> > > get things working for the duration of that session.
> > >
> > > -Mike
> > >
> > > On Thu, 19 Sep 2002, Wei Keong wrote:
> > >
> > > > Hi Mike,
> > > >
> > > > According to the following, IE6 for Win98, WinME, WinNT4.0 will not work
> > > > with squid auth. IE6 for Win2000 (and WinXP ?) will require tuning.
> > > >
> > > > http://support.microsoft.com/default.aspx?scid=kb;en-us;Q299838
> > > >
> > > > > NOTE: Internet Explorer 6 for Windows 98, Internet Explorer 6 for
> > > > > Windows 98 Second Edition, Internet Explorer 6 for Windows Millennium
> > > > > Edition, and Internet Explorer 6 for Windows NT 4.0 do not respond to a
> > > > > negotiate challenge and default to NTLM (or Windows NT
> > > > > Challenge/Response) authentication even if the Enable Integrated Windows
> > > > > Authentication (requires restart) check box is selected because this
> > > > > feature is not available on these operating systems.
> > > >
> > > > Could others please confirm?
> > > >
> > > > Thanks,
> > > > Wei Keong
> > > >
> > > >
> > > >
> > > >
> > > > On Wed, 18 Sep 2002, Mike Diggins wrote:
> > > >
> > > > >
> > > > > I too have been noticing the same behavior in the last week or so. I
> > > > > didn't clue in until I saw your post however. Do you think it could be IE
> > > > > 6 SP1? I didn't have the problem with IE 6. I've only noticed it on my
> > > > > home computer running XP. I installed both IE6 SP1 and XP SP1 at the same
> > > > > time. Netscape 4.7 with the same home page via Squid doesn't have the
> > > > > problem from the same computer. Anyone else see this?
> > > > >
> > > > > -Mike
> > > > >
> > > > > On Thu, 19 Sep 2002, Wei Keong wrote:
> > > > >
> > > > > > Hi all,
> > > > > >
> > > > > > I'm running Squid authentication and encounter problem with IE6.
> > > > > >
> > > > > > When IE6 is launched, the authentication prompt will popup as expected.
> > > > > > However, after correct userid/passwd is sent, the browser is not able
> > > > > > to display the home/default page. The page will only appear after a
> > > > > > refresh.
> > > > > >
> > > > > > Squid log shows that it has received the userid/passwd and returned OK.
> > > > > > But, there is no request observed in Access.log (when not refresh)
> > > > > >
> > > > > > > I found the following in IE6 forum and would like to confirm if it's really an
> > > > > > > IE6 bug. Does anybody know any workaround?
> > > > > >
> > > > > >
> > > > > > > From: "AnatoliyShibkov" <shibkov@hotbox.ru>
> > > > > > > Sent: 6/12/2002 12:59:31 AM
> > > > > > >
> > > > > > > > IE 6.0 doesn't choose Negotiate scheme if it is present in
> > > > > > > > Proxy-Authenticate header.
> > > > > > > > (I set necessary checkbox for enabling windows integrated
> > > > > > > > auth, of course).
> > > > > > > For WWW-Authenticate everything is OK.
> > > > > > > When there is only Negotiate scheme in Proxy response
> > > > > > > IE 6.0 doesn't authenticate user.
> > > > > > > ISA Server uses NTLM and Negotiate.
> > > > > > > IE 6.0 chooses NTLM.
> > > > > > > IE 5.0 has no such a problem.
> > > > > >
> > >
>
> --
> Never underestimate the power of stupid people
> in large groups.

Mike Diggins
Analyst, Networks
Computing and Information Services
McMaster University, Hamilton, Ontario
(905) 525-9140 Ext. 27471 ABB131A
Fax: (905) 528-3773
Email: diggins@mcmaster.ca
Received on Fri Sep 20 2002 - 07:08:10 MDT