Hi,
I encounter the following strange problem with NTLM authentication.
We have a squid proxy, a windows 2003 domain controller, and 200 windows XP professional workstations.
95% of the people here have no problems with surfing the internet while NTLM auth is on. The other 5% though have alot of problems; after a while (and a while could be anywhere between 3 pageviews or 25 pageviews) their browser hangs. It is linked to NTLM authentication because if that is turned off, then the problem disappears.
When the troubled users stop and start their browser, they can surf again for a few clicks.
A browser hang, in this case, means they can click on a link, but nothing happens. You can still access the menus in IE and exit IE normally.
We are currently running squid 2.5stable9, from Debian Sarge, the workstations all have the latest patches. This problem is bothering us for over a year now.
Note that at some clients the problem disappears when we, in IE, check the box "use http 1.1 through proxy connections". Though I read everywhere that you should not check that box when using a squid proxy.
Anyone else sees this? A solution?
Some snippets from the configs:
/etc/squid/squid.conf:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 75
auth_param ntlm max_challenge_reuses 1000
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off
/etc/samba/smb.conf:
winbind cache time = 60
workgroup = OurWorkgroup
realm = OurRealm
password server = 192.168.1.10
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes
Kind regards,
Kenneth van Grinsven
Received on Wed Jul 06 2005 - 06:16:46 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Aug 01 2005 - 12:00:02 MDT