Re: [squid-users] Squid authentication & IE6

Hi,

Just a note on this issue. We have been working with Microsoft.
According to them we are the first to bring it up with them (??!!).
They said it's a bug in the dll and they are working on a fix. Anyway I
thought everyone would like to know that Microsoft admits the bug and
they say there going to fix it.

Carl

>>> Graeme <graeme@ddsecurity.co.za> 09/20/02 04:16AM >>>
here is the best resolution i could get from microsoft

over write the wininet.dll in /winnt/system32/ddlcache and
/winnt/system32 within the attached file. i have tested and it works..

another great resolution from microsoft

cheers
Graeme

Wei Keong wrote:
>
> Hi Mike,
>
> Does 'Enable Integrated Windows Auth' help in your IE6 SP1 - Win2K?
>
> I tried that on IE6 SP1 - Win98, does not seems to help. I think MS
made
> more authentication changes to IE6 SP1 (not responding to
> negotiate challenge at all).
>
> Hi Graema,
>
> We also notice the similar problem in IE6 SP1. I wonder what the
browser
> has send (together with the password) such that it triggles Squid to
> return the reset packet.
>
> I think this browser will annoy a lot of users. How do we go about
> escalate this to the IE engineers?
>
> Rgds,
> Wei Keong
>
> On Thu, 19 Sep 2002, Graeme wrote:
>
> > Guy
> >
> > i hope this problem has not been asked before, but i have scoured
the
> > archive and have found nothing
> >
> > setup is as follows
> >
> > linux redhat 7.3 kernel 2.4.18-3
> > squid 2.4 stable 7
> > radius auth to mysql db
> > browsers proxy directly to squid
> > browser ie6 sp1 on xp
> >
> > if i use and browser on any OS except the one listed above every
thing
> > works fine.. i get prompted for auth , and off i go
> >
> > if i use ie6 sp1 i get asked for auth. and the browser says page
cannot
> >
> > be displayed. If i give the incorrect password the browser does
not re
> > prompt me for authentication (like it does on other browsers).
> > if i supply the correct password and get page cannot be display, a
click
> >
> > of the refresh button get every thing working fine... from then on
it it
> >
> > is fine unless i close the browser
> >
> > tcpdump reveals a reset packet from the squid box as soon as i
submit my
> >
> > password. Any other browser does not illicit a reset packet.
> >
> > i took a xp pc with default install.. tested and it works like a
> > dream. as soon as i upgrade the ie6 to sp1 i get this problem. so
it
> > would appear that it is directly related to ie6 sp1.
> >
> > if i turn auth off on the proxy all browser work.
> >
> > it of course is the end of the world... no one can click refresh
once a
> > day.. so any help would be appreciated
> >
> >
> > cheers
> >
> > Graeme
>
> On Thu, 19 Sep 2002, Mike Diggins wrote:
>
> >
> > IE6 has been working without error for me since it was released. I
> > verified this again just now. However, I installed IE6 SP1 on my
Windows
> > 2000 computer today at work and the problem appeared immediately.
The
> > login box appears, I type in my credentials and then get a "The
Page
> > cannot be displayed" message. Typing in another URL such as
www.yahoo.com
> > doesn't work well either. However, clicking the refresh button
seems to
> > get things working for the duration of that session.
> >
> > -Mike
> >
> > On Thu, 19 Sep 2002, Wei Keong wrote:
> >
> > > Hi Mike,
> > >
> > > According to the following, IE6 for Win98, WinME, WinNT4.0 will
not work
> > > with squid auth. IE6 for Win2000 (and WinXP ?) will require
tuning.
> > >
> > > http://support.microsoft.com/default.aspx?scid=kb;en-us;Q299838
> > >
> > > > NOTE: Internet Explorer 6 for Windows 98, Internet Explorer 6
for
> > > > Windows 98 Second Edition, Internet Explorer 6 for Windows
Millennium
> > > > Edition, and Internet Explorer 6 for Windows NT 4.0 do not
respond to a
> > > > negotiate challenge and default to NTLM (or Windows NT
> > > > Challenge/Response) authentication even if the Enable
Integrated Windows
> > > > Authentication (requires restart) check box is selected because
this
> > > > feature is not available on these operating systems.
> > >
> > > Could others please confirm?
> > >
> > > Thanks,
> > > Wei Keong
> > >
> > >
> > >
> > >
> > > On Wed, 18 Sep 2002, Mike Diggins wrote:
> > >
> > > >
> > > > I too have been noticing the same behavior in the last week or
so. I
> > > > didn't clue in until I saw your post however. Do you think it
could be IE
> > > > 6 SP1? I didn't have the problem with IE 6. I've only noticed
it on my
> > > > home computer running XP. I installed both IE6 SP1 and XP SP1
at the same
> > > > time. Netscape 4.7 with the same home page via Squid doesn't
have the
> > > > problem from the same computer. Anyone else see this?
> > > >
> > > > -Mike
> > > >
> > > > On Thu, 19 Sep 2002, Wei Keong wrote:
> > > >
> > > > > Hi all,
> > > > >
> > > > > I'm running Squid authentication and encounter problem with
IE6.
> > > > >
> > > > > When IE6 is launched, the authentication prompt will popup as
expected.
> > > > > However, after correct userid/passwd is sent, the browser is
not able
> > > > > to display the home/default page. The page will only appear
after a
> > > > > refresh.
> > > > >
> > > > > Squid log shows that it has received the userid/passwd and
returned OK.
> > > > > But, there is no request observed in Access.log (when not
refresh)
> > > > >
> > > > > I found the following in IE6 forum and like to confirm if
it's really a
> > > > > IE6 bug. Does anybody know any workaround?
> > > > >
> > > > >
> > > > > > From: "AnatoliyShibkov" <shibkov@hotbox.ru>
> > > > > > Sent: 6/12/2002 12:59:31 AM
> > > > > >
> > > > > > IE 6.0 doesn't choose Negotiate sheme if it present in
> > > > > > Proxy-Authenticate header.
> > > > > > (I set neccessary checkbox for enabling windows integrated
> > > > > > auth, of course).
> > > > > > For WWW-Authenticate everything is OK.
> > > > > > When there is only Negotiate scheme in Proxy response
> > > > > > IE 6.0 doesn't authenticate user.
> > > > > > ISA Server uses NTLM and Negotiate.
> > > > > > IE 6.0 chooses NTLM.
> > > > > > IE 5.0 has no such a problem.
> > > > >
> >

-- 
Never underestimate the power of stupid people 
in large groups.