Re: [squid-users] HTML NTLM and 2.6 not behaving

From: Adrian Chadd <adrian@dont-contact.us>
Date: Mon, 17 Mar 2008 06:39:12 +0900

G'day,

I'd start by grabbing tcpdump/ethereal/wireshark and sniffing the traffic
on the Squid-2.5 and Squid-2.6 servers. Remember to snapshot the entire
packet with tcpdump (-s 1518) if you want to use tcpdump to capture
a pcap file that you can then read in ethereal/wireshark on another box.

Enabling the header logging in Squid may help too (log_mime_hdrs on) but
it's not always that helpful for debugging authentication issues.

Then compare the request and reply headers from both Squid-2.5 and Squid-2.6
to see what sort of differences you see. If there aren't any differences
(ie, the origin server gets -exactly- the same request and returns -exactly-
the same reply) then there's something stranger going on.

Take all of this info, whack it in a bugzilla report (http://bugs.squid-cache.org/)
and wait for a volunteer to help. :0

Adrian

On Fri, Mar 14, 2008, NOCTECH noctech wrote:
> Having a rather difficult to fathom problem with a user logging into
> some external Outlook WebAccess webmail server. I've read a bunch of
> posts about the problems with NTLM and Squid <= 2.5, but this one is
> stumping me.
>
> A little bit about our setup -- using multiple squid and dg boxes and a
> WCCP router to transparently cache/filter the web.
>
> Most of our squid caches are 2.6, but we still have two remaining that
> are version 2.5 that we're phasing out. The odd thing is, the login
> seems to work correctly with squid 2.5 and incorrectly with 2.6, which
> is exactly backwards of what I expect. When I proxy directly to one of
> the squid 2.6 boxes, specifically:
>
> Squid Cache: Version 2.6.STABLE18
> configure options: '--prefix=/usr' '--sysconfdir=/etc/squid'
> '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--localstatedir=/var'
> '--libexecdir=/usr/sbin' '--datadir=/usr/share/squid'
> '--mandir=/usr/share/man' '--with-maxfd=4096' '--disable-useragent-log'
> '--enable-ssl' '--with-openssl' '--disable-ident-lookups'
> '--enable-poll' '--enable-truncate' '--enable-gnuregex'
> '--enable-async-io' '--with-pthreads' '--with-aio' '--with-dl'
> '--enable-storeio=aufs,diskd,ufs,coss,null'
> '--enable-removal-policies=heap,lru' '--enable-kill-parent-hack'
> '--enable-forw-via-db' '--enable-linux-netfilter' '--enable-underscores'
> '--enable-x-accelerator-vary'
>
> I get a login box (in firefox) that reads:
> Enter username and password for "" at http://mail.example.com
>
> When I put in the credentials and click OK, the box just keeps coming
> back. When I click cancel, I get a different login box:
> Enter username and password for "mail.example.com" at
> http://mail.example.com
>
> and the login works.
>
> If I proxy directly to one of the 2.5 boxes:
> Squid Cache: Version 2.5.STABLE4
> configure options: --disable-useragent-log --enable-ssl --with-openssl
> --disable-ident-lookups --enable-poll --enable-truncate
> --enable-gnuregex --enable-async-io --with-pthreads --with-aio --with-dl
> --enable-storeio=aufs,diskd,ufs,coss,null
> --enable-removal-policies=heap,lru --enable-kill-parent-hack
> --enable-forw-via-db --enable-linux-netfilter --enable-underscores
> --enable-x-accelerator-vary
>
> It goes directly to the second login box.
>
> Any thoughts? Any information I can provide to be helpful?
>
> Sean

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
Received on Sun Mar 16 2008 - 15:23:45 MDT
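
Added example (not part of the original message, and not Squid code): one way to do the header comparison suggested in the reply, once the reply headers seen through each proxy have been copied out of the capture. The two header blocks and the function names are constructed for illustration; they are not captures from the poster's servers.

```python
from collections import defaultdict

AUTH_HEADERS = ("www-authenticate", "proxy-authenticate")

# Constructed sample replies for illustration; not captures from the thread.
VIA_25 = """HTTP/1.0 401 Unauthorized
Content-Type: text/html
WWW-Authenticate: Basic realm="mail.example.com"
Connection: close
"""
VIA_26 = """HTTP/1.0 401 Unauthorized
Content-Type: text/html
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="mail.example.com"
Connection: keep-alive
"""

def parse_headers(raw):
    """Return (start_line, {lowercased name: [values in wire order]})."""
    lines = raw.strip().splitlines()
    headers = defaultdict(list)
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()].append(value.strip())
    return lines[0].strip(), dict(headers)

def auth_schemes(headers):
    """Challenges offered to the client, in the order they were sent."""
    return [v for h in AUTH_HEADERS for v in headers.get(h, [])]

def diff_headers(a, b):
    """Map header name -> (values via A, values via B) where they differ."""
    return {n: (a.get(n, []), b.get(n, []))
            for n in sorted(set(a) | set(b)) if a.get(n, []) != b.get(n, [])}

if __name__ == "__main__":
    _, h25 = parse_headers(VIA_25)
    _, h26 = parse_headers(VIA_26)
    print("schemes via 2.5:", auth_schemes(h25))
    print("schemes via 2.6:", auth_schemes(h26))
    for name, (old, new) in diff_headers(h25, h26).items():
        print(f"{name}: 2.5={old} 2.6={new}")
```

An empty result from diff_headers() corresponds to the "exactly the same reply" case described in the message.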
