[squid-users] R: [squid-users] NTLM v2

From: Guido Serassio <guido.serassio_at_acmeconsulting.it>
Date: Thu, 7 Jan 2010 09:38:17 +0100

Hi,

You cannot force the NTLM version: the choiche is done from the Windows SSPI on the proxy machine during the negotiate phase, and NTLMv2 can be used only if both the peers are able to use it.

Look here for more details:
http://davenport.sourceforge.net/ntlm.html

I don't know if Apache httpclient is able to use NTLMv2.

Regards

Guido Serassio
Acme Consulting S.r.l.
Microsoft Gold Certified Partner
VMware Professional Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio_at_acmeconsulting.it
WWW: http://www.acmeconsulting.it

> -----Messaggio originale-----
> Da: Ho, Oiling [mailto:oiling.ho_at_credit-suisse.com]
> Inviato: mercoledì 6 gennaio 2010 18.16
> A: Guido Serassio; squid-users_at_squid-cache.org
> Cc: Svanes, Torkel
> Oggetto: RE: [squid-users] NTLM v2
>
> Hi,
>
> Thanks for your reply. Is there a way we can configure squid to use only
> NTLMV2? Can we tell from one of the log files if NTLMV2 is used instead
> NTLMV1?
>
> Instead of using a windows browser to connect to squid, I am connecting to
> squid using a Apache Httpclient.
>
> Thanks,
> Oiling
>
>
> -----Original Message-----
> From: Guido Serassio [mailto:guido.serassio_at_acmeconsulting.it]
> Sent: Wednesday, January 06, 2010 11:44 AM
> To: Ho, Oiling; squid-users_at_squid-cache.org
> Subject: R: [squid-users] NTLM v2
>
> Hi,
>
> On Windows, the native NTLM helper, when running on a domain member
> machine, will always negotiate the highest usable NTLM protocol version,
> so if both the authentication peers can use NTLMv2, NTLMv2 is
> automatically selected.
>
> Please note that, if you want to USE NTLMv2, you need to have a Windows
> Domain and you must use domain accounts only. All Windows modern browser
> are NTLMv2 capable.
>
> Regards
>
> Guido
>
> Guido Serassio
> Acme Consulting S.r.l.
> Microsoft Gold Certified Partner
> Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
> Tel. : +39.011.9530135 Fax. : +39.011.9781115
> Email: guido.serassio_at_acmeconsulting.it
> WWW: http://www.acmeconsulting.it
>
>
> > -----Messaggio originale-----
> > Da: Ho, Oiling [mailto:oiling.ho_at_credit-suisse.com]
> > Inviato: martedì 5 gennaio 2010 16.23
> > A: squid-users_at_squid-cache.org
> > Oggetto: [squid-users] NTLM v2
> >
> > Hi All,
> >
> > I have squid running on windows XP as a proxy server, I set up my
> > computer to use NTLM V2 according to this link
> > http://www.imss.caltech.edu/cms.php?op=wiki&wiki_op=view&id=396 and
> > rebooted my machine, then I used apache http client to connect to
> > squid, it should not work since apache does not support NTLM V2, but
> > somehow I was able to connect. Does anyone know what is going on? How
> > can I tell from squid if it is using NTLM V1 or NTLM V2?
> >
> > Thanks,
> > Oiling
> >
> > ======================================================================
> > ====
> > =====
> > Please access the attached hyperlink for an important electronic
> > communications disclaimer:
> > http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html
> >
> > ======================================================================
> > ====
> > =====
> >
>
> ==========================================================================
> =====
> Please access the attached hyperlink for an important electronic
> communications disclaimer:
> http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html
>
> ==========================================================================
> =====
>
Received on Thu Jan 07 2010 - 08:37:48 MST

This archive was generated by hypermail 2.2.0 : Thu Jan 07 2010 - 12:00:02 MST