RE: [squid-users] pop up authentication prompts

From: Plant, Dean <dean.plant_at_roke.co.uk>
Date: Tue, 24 Feb 2009 09:04:55 -0000

nick.apostolou_at_au.abnamro.com wrote:
> Hi,
>
> Anyone got any suggestions on my authentication prompt problems with
> NTLM
> authentication?
>
> I've also got a test box which was build with a tar ball of the squid
> and
> samba directories which authenticates with no problem and does not
> give
> any errors in the cache.log.
>
> Regards
> Nick Apostolou
> IT Infrastructure | ABN AMRO Bank Australia/NZ
> Ph: +61 2 8259 5330 | Fax: +61 2 8259 5440 | Mobile: + 61 401 709 007
> email: nick.apostolou_at_au.abnamro.com

Try the squid_kerb_auth module. We are running 2.6.x and we have
suffered the same random pop-ups on NTLM, adding Kerberos authentication
to the top of the auth configuration fixes the random pop-ups on IE 7
and Firefox. IE 6 does not support Kerberos so leave NTLM in your
configuration if you have this browser on site. XP users will also
suffer Kerberos ticket renewal issues if your users leave their machines
on overnight and XP is not patched to SP3.

HTH

Dean

>
>
>
>
> nick.apostolou_at_au.abnamro.com
> 20/02/2009 03:46 PM
>
> To
> squid-users_at_squid-cache.org
> cc
>
> Subject
> [squid-users] pop up authentication prompts
>
>
>
>
>
>
> Hi,
>
> Random users are getting pop up authentication prompts rather than
> getting
>
> authenticated transparently via NTLM.
> This has only started to occur in the last week and the previous few
> months I have not had a problem.
>
> There are 2 proxy servers running squid/samba and both get entries in
> cache.log every minute such as this.
>
> [2009/02/20 14:29:48, 1] libsmb/ntlmssp.c:ntlmssp_update(333)
> got NTLMSSP command 3, expected 1
> [2009/02/20 14:30:48, 1] libsmb/ntlmssp.c:ntlmssp_update(333)
> got NTLMSSP command 3, expected 1
> [2009/02/20 14:31:48, 1] libsmb/ntlmssp.c:ntlmssp_update(333)
> got NTLMSSP command 3, expected 1
> [2009/02/20 14:32:48, 1] libsmb/ntlmssp.c:ntlmssp_update(333)
> got NTLMSSP command 3, expected 1
> [2009/02/20 14:33:48, 1] libsmb/ntlmssp.c:ntlmssp_update(333)
> got NTLMSSP command 3, expected 1
> [2009/02/20 14:34:48, 1] libsmb/ntlmssp.c:ntlmssp_update(333)
> got NTLMSSP command 3, expected 1
> [2009/02/20 14:35:48, 1] libsmb/ntlmssp.c:ntlmssp_update(333)
> got NTLMSSP command 3, expected 1
>
> These 2 proxies use an upstream squid to pass on requests via
> cache_peer
> statements.
>
> I had the domain controllers rebooted yesterday and followed that
> with a
> clean reboot of the squid (running on Solaris 10 x86) and within 30
> seconds of the cache being up the cache.log files starts to log these
> entries.
>
> Samba Version 3.2.0 (compiled with --quiet --with-winbind
> --with-ads=no -prefix=/usr/local/samba --localstatedir=/var/samba)
>
> Squid Cache: Version 2.7.STABLE2
> configure options: '--enable-snmp'
> '--enable-external-acl-helpers=unix_group,wbinfo_group'
> '--enable-auth=ntlm,basic' '--enable-storeio=ufs,aufs'
> '--prefix=/usr/local/squid' '--localstatedir=/var/squid'
>
> Reading though the archives there are suggestion about upgrading
> versions
> but all relate to much older versions.
>
> Anyone come across this with more recent versions (not that mine are
> the
> latest) and is there a possible resolution to it?
>
>
> Regards
> Nick Apostolou
> IT Infrastructure | ABN AMRO Bank Australia/NZ
> Ph: +61 2 8259 5330 | Fax: +61 2 8259 5440 | Mobile: + 61 401 709 007
> email: nick.apostolou_at_au.abnamro.com
>
>
> ABN AMRO Bank N.V. is an authorised agent of The Royal Bank of
> Scotland
> plc
>
------------------------------------------------------------------------

---
> This message (including any attachments) is confidential and may be
> privileged. If you have received it by mistake please notify the
> sender by 
> return e-mail and delete this message from your system. Any
> unauthorised 
> use or dissemination of this message in whole or in part is strictly
> prohibited. Please note that e-mails are susceptible to change. ABN
> AMRO 
> Bank N.V, which has its seat at Amsterdam, the Netherlands, and is
> registered in the Commercial Register under number 33002587,
> including its 
> group companies, shall not be liable for the improper or incomplete
> transmission of the information contained in this communication nor
> for 
> any delay in its receipt or damage to your system. ABN AMRO Bank N.V.
> (or 
> its group companies) does not guarantee that the integrity of this
> communication has been maintained nor that this communication is free
> of 
> viruses, interceptions or interference.
>
------------------------------------------------------------------------
---
> 
> 
> 
> ABN AMRO Bank N.V. is an authorised agent of The Royal Bank of
> Scotland plc
>
------------------------------------------------------------------------
---
> This message (including any attachments) is confidential and may be
> privileged. If you have received it by mistake please notify the
> sender by return e-mail and delete this message from your system. Any
> unauthorised use or dissemination of this message in whole or in part
> is strictly prohibited. Please note that e-mails are susceptible to
> change. ABN AMRO Bank N.V, which has its seat at Amsterdam, the
> Netherlands, and is registered in the Commercial Register under
> number 33002587, including its group companies, shall not be liable
> for the improper or incomplete transmission of the information
> contained in this communication nor for any delay in its receipt or
> damage to your system. ABN AMRO Bank N.V. (or its group companies)
> does not guarantee that the integrity of this communication has been
> maintained nor that this communication is free of viruses,
> interceptions or interference.
>
------------------------------------------------------------------------
---
Received on Tue Feb 24 2009 - 09:05:23 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 24 2009 - 12:00:02 MST