> I turned on log_mime_hdrs as you asked, and here's the output:
>
> 1098069200.802 1 10.0.1.8 TCP_DENIED/407 1747 GET
> http://www.google.com/ - NONE/- text/html [Accept: image/gif,
> image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint,
> application/vnd.ms-excel, application/msword, application/x-shockwave-flash,
> */*\r\nAccept-Language: en-au\r\nCookie:
> PREF=ID=17238ed846c9d38d:CR=1:TM=1096527005:LM=1096527005:S=kyLy_3fTUQxpLp2g
> \r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR
> 1.1.4322)\r\nHost: www.google.com\r\nProxy-Connection: Keep-Alive\r\n]
> [HTTP/1.0 407 Proxy Authentication Required\r\nServer:
> squid/2.5.STABLE6\r\nMime-Version: 1.0\r\nDate: Mon, 18 Oct 2004 03:13:20
> GMT\r\nContent-Type: text/html\r\nContent-Length: 1320\r\nExpires: Mon, 18
> Oct 2004 03:13:20 GMT\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED
> 0\r\nProxy-Authenticate: Basic realm="Pandora Squid Test Proxy blah blah
> blah"\r\nProxy-Authenticate: NTLM\r\n\r]
I hope if you use NTLM + BASIC authentication with winbind on samba then it will make one tcp_denied on access.log there when we
start testing there. But authentication will generate requests there without fail there for that. Can you post successive logs from
access.log there. You can turn off log_mime_hdrs there.
> The dummy username used was "restricted" and the password was "password".
> This user worked with basic auth after the NTLM auth failed.
You can verify this as, by removing basic authentication and use only NTLM authentication. It will make one TCP_DENIED message, but
web requests will be generated there on browser. Check this out.
Regards
Muthu
--- =============== It is a "Virus Free Mail" =============== Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.777 / Virus Database: 524 - Release Date: 10/14/2004Received on Sun Oct 17 2004 - 23:58:01 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Nov 01 2004 - 12:00:02 MST