Re: [squid-users] pop up authentication prompts

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 15 May 2009 16:40:49 +1200

David Rodríguez Fernández wrote:
> More info, This is the request from my windows mobile:
>
> CONNECT www.google.com:443 HTTP/1.1
> User-Agent: HTC P3300/3.15.621.1 Mozilla/4.0 Profile/MIDP-2.0
> Configuration/CLDC-1.1 (compatible; MSIE 6.0; Windows CE; IEMobile
> 6.12)
> Host: www.google.com
> Content-Length: 0
> Pragma: no-cache
> Proxy-Authorization: NTLM \
> TlRMTVNTUAADAAAAGAAYAEsAAAAAAAAAYwAAAAAAAABAAAAACwALAEAAAAAAAAAASwAAAAAAAABjAAAAAoIIAGQtcm9kcmlndWV6do7wtB8y1GT98saqWPdAe9XQUUxf0qDn....
>
> And the response from server:
> HTTP/1.0 407 Proxy Authentication Required
> Server: squid/2.5.STABLE12
> Mime-Version: 1.0
> Date: Wed, 13 May 2009 10:47:49 GMT
> Content-Type: text/html
> [...]
>

Firstly, please consider upgrading your Squid.

Secondly, please check that you are using the samba ntlm_auth helper
instead of the squid one.

Thirdly, this trace shows only that somethgin unkown is blocking squid
from using the auth credentials presented. Check your cache.log fo
greater details. Perhapse with a higher debug level.

>
>
> 2009/5/13 David Rodríguez Fernández <davidrf_at_gmail.com>:
>> I have the same problem, but with the Internet Explorer shipped with
>> windows mobile. My users can't connect to https, http work fine.
>>
>> On Fri, Feb 20, 2009 at 6:46 AM, <nick.apostolou_at_au.abnamro.com> wrote:
>>> Hi,
>>>
>>> Random users are getting pop up authentication prompts rather than getting
>>> authenticated transparently via NTLM.
>>> This has only started to occur in the last week and the previous few
>>> months I have not had a problem.
>>>
>>> There are 2 proxy servers running squid/samba and both get entries in
>>> cache.log every minute such as this.
>>>
>>> [2009/02/20 14:29:48, 1] libsmb/ntlmssp.c:ntlmssp_update(333)
>>> got NTLMSSP command 3, expected 1
>>> [2009/02/20 14:30:48, 1] libsmb/ntlmssp.c:ntlmssp_update(333)
>>> got NTLMSSP command 3, expected 1
>>> [2009/02/20 14:31:48, 1] libsmb/ntlmssp.c:ntlmssp_update(333)
>>> got NTLMSSP command 3, expected 1
>>> [2009/02/20 14:32:48, 1] libsmb/ntlmssp.c:ntlmssp_update(333)
>>> got NTLMSSP command 3, expected 1
>>> [2009/02/20 14:33:48, 1] libsmb/ntlmssp.c:ntlmssp_update(333)
>>> got NTLMSSP command 3, expected 1
>>> [2009/02/20 14:34:48, 1] libsmb/ntlmssp.c:ntlmssp_update(333)
>>> got NTLMSSP command 3, expected 1
>>> [2009/02/20 14:35:48, 1] libsmb/ntlmssp.c:ntlmssp_update(333)
>>> got NTLMSSP command 3, expected 1
>>>
>>> These 2 proxies use an upstream squid to pass on requests via cache_peer
>>> statements.
>>>
>>> I had the domain controllers rebooted yesterday and followed that with a
>>> clean reboot of the squid (running on Solaris 10 x86) and within 30
>>> seconds of the cache being up the cache.log files starts to log these
>>> entries.
>>>
>>> Samba Version 3.2.0 (compiled with --quiet --with-winbind --with-ads=no
>>> -prefix=/usr/local/samba --localstatedir=/var/samba)
>>>
>>> Squid Cache: Version 2.7.STABLE2
>>> configure options: '--enable-snmp'
>>> '--enable-external-acl-helpers=unix_group,wbinfo_group'
>>> '--enable-auth=ntlm,basic' '--enable-storeio=ufs,aufs'
>>> '--prefix=/usr/local/squid' '--localstatedir=/var/squid'
>>>
>>> Reading though the archives there are suggestion about upgrading versions
>>> but all relate to much older versions.
>>>
>>> Anyone come across this with more recent versions (not that mine are the
>>> latest) and is there a possible resolution to it?
>>>
>>>
>>> Regards
>>> Nick Apostolou
>>> IT Infrastructure | ABN AMRO Bank Australia/NZ
>>> Ph: +61 2 8259 5330 | Fax: +61 2 8259 5440 | Mobile: + 61 401 709 007
>>> email: nick.apostolou_at_au.abnamro.com
>>>
>>>
>>> ABN AMRO Bank N.V. is an authorised agent of The Royal Bank of Scotland plc
>>> ---------------------------------------------------------------------------
>>> This message (including any attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorised use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change. ABN AMRO Bank N.V, which has its seat at Amsterdam, the Netherlands, and is registered in the Commercial Register under number 33002587, including its group companies, shall not be liable for the improper or incomplete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference.
>>> ---------------------------------------------------------------------------

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
   Current Beta Squid 3.1.0.7
Received on Fri May 15 2009 - 04:40:58 MDT

This archive was generated by hypermail 2.2.0 : Fri May 15 2009 - 12:00:02 MDT