RE: [squid-users] Authentication Issue with Squid and mixed BASIC/NTLM auth

From: Chris Natter <chris.natter_at_secure-24.com>
Date: Wed, 15 Oct 2008 23:25:26 -0400

We were having issues with spell-check in 3.0, I haven't tried any of
the development builds to see if it was resolved though in a later
release.
OWA spell-check just seems to hang when you attempt to spell-check an
email, or gives the "try again later" prompt. I saw some previous
postings on the archive of the mailing list, but most of them are very
outdated.

I'll have to build an RPM of squid 2.7 and check to see if that solves
both issues.

Thanks for the help.

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Wednesday, October 15, 2008 6:46 PM
To: Chris Natter
Cc: squid-users_at_squid-cache.org
Subject: Re: [squid-users] Authentication Issue with Squid and mixed
BASIC/NTLM auth

> Hey all,
>
>
>
> I've got a tough situation I'm hoping someone can help me with.
>
>
>
> We 'downgraded' from an old 3.0PRE build that a predecessor had setup
on a
> reverse proxy, to squid 2.6.STABLE20. The proxy runs your standard OWA
> over Reverse Proxy setup, with login=PASS to an OWA backend running
with
> BASIC/NTLM auth. We have to have the NTLM for phones that sync with
> ActiveSync.
>
>
>
> It seems like something fundamental has changed in the way squid
handles
> auth from 3.0 to squid 2.6. Using firefox on 2.6, I can auth with just
> 'USERNAME', with IE on 2.6 we have to type "DOMAINUSERNAME" or
> "USER_at_DOMAIN" now. Previously, with squid 3.0, just 'USERNAME' would
work
> for auth.
>
>
>
> While this seems trivial, anything harder than just 'USERNAME' boggles
a
> lot of users. I'm assuming this has something to do with 'attempting
NTLM'
> negotiation? Is there a way around it in squid 2.6?
>

The cleaner @DOMAIN handling was only added to Squid 2.7+ and 3.0+. You
will need an upgrade again to one of those versions at least.

What caused you to downgrade though? perhapse its been fixed now in 3.1?

Amos
Received on Thu Oct 16 2008 - 03:23:15 MDT

This archive was generated by hypermail 2.2.0 : Thu Oct 16 2008 - 12:00:04 MDT