Re: [squid-users] RE: NTLM error

From: Jeff Foster <jfoste_at_gmail.com>
Date: Fri, 19 Mar 2010 09:27:11 -0500

Dawie,

Welcome to the squid "It's Microsoft and it's broke, so it's not our
fault" list.

I had the same problem and did find a workaround that seems to stop
the pop-up authentication.
The hack is to change the registry setting MaxConnectionsPerServer to 1.
This is a link for setting the registry value:
http://support.microsoft.com/kb/282402

I believe the squid connection pinning code is wrong but I can't get
anyone to believe me.

Jeff F

On Fri, Mar 19, 2010 at 8:30 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> Dawie Pretorius wrote:
>>
>> Hi, is it possible that someone can come back to me on this request?
>>
>> Thank you
>>
>> Dawie Pretorius
>>
>
> Maybe yes, maybe no.
>
> You did add this:
> "
>> message and may be subject to legal privilege. Access to this e-mail
>> by anyone other than the intended is unauthorised. If you are not the
>> intended recipient (or responsible for delivery of the message to
>> such person), you may not use, copy, distribute or deliver to anyone
>> this message (or any part of its contents ) or take any action in
> "
>
> Sigh. Some people who might have answered will be legally bound not to or
> risk their employment.
>
> /joke.
>
>>
>> -----Original Message-----
>> From: Dawie Pretorius [mailto:dawie_at_tradebridge.co.za]
>> Sent: 11 March 2010 10:40 AM
>> To: squid-users_at_squid-cache.org
>> Subject: [squid-users] NTLM error
>>
>> Hi,
>> I continually have this error inside my /var/log/squid/cache.log:
>>
>> [2010/03/05 12:40:02, 1] libsmb/ntlmssp.c:ntlmssp_update(334)
>> got NTLMSSP command 3, expected 1
>
> A client is using Kerberos (aka "3") to respond to your NTLM (aka "1")
> challenge.
> * Find out what client browser this is (it's really rather broken) and,
> if possible, why it's acting this way.
> * Look into implementing Kerberos auth in your network. NTLM is officially
> deprecated by MS now, and apparently not supported in Windows 7.
>
>>
>> And getting an authentication pop-up.
>>
>> I found this article about this issue:
>>
>> http://www1.il.squid-cache.org/mail-archive/squid-dev/200906/0041.html
>>
>> This article states that there is a workaround:
>>
>> "The workaround is pretty simple - just enable the IP auth cache."
>>
>
> I think they mean that storing the auth credentials and re-using them for
> the IP gets around it.
>
> Not a good solution at all. And squid does not support auth cache for NTLM
> type protocols anyway. Which means you need to be using insecure Basic auth
> for it to work.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
> Current Beta Squid 3.1.0.18
>
Received on Fri Mar 19 2010 - 14:27:20 MDT
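
An added example, not part of the original thread: a Python script that pulls the two-line "got NTLMSSP command N, expected M" entries out of a cache.log excerpt and tallies them per minute, so the mismatches can be lined up against the times users report the authentication pop-up. The sample log is constructed around the entry quoted in the thread, and the message-type names follow the numbering in the MS-NLMP specification.

```python
import re
from collections import Counter

# NTLMSSP message type numbers as defined in MS-NLMP.
NTLMSSP_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

# Samba-style debug header: "[YYYY/MM/DD HH:MM:SS, level] file:function(line)"
HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2}) (\d{2}:\d{2}):\d{2},\s*\d+\]\s+(\S+)")
MISMATCH = re.compile(r"got NTLMSSP command (\d+), expected (\d+)")

# Constructed sample: the first entry is the one quoted in the thread,
# the remaining lines are made up for illustration.
SAMPLE_LOG = """\
[2010/03/05 12:40:02, 1] libsmb/ntlmssp.c:ntlmssp_update(334)
  got NTLMSSP command 3, expected 1
2010/03/05 12:40:03| storeDirWriteCleanLogs: Starting...
[2010/03/05 12:40:41, 1] libsmb/ntlmssp.c:ntlmssp_update(334)
  got NTLMSSP command 3, expected 1
[2010/03/05 12:47:10, 1] libsmb/ntlmssp.c:ntlmssp_update(334)
  got NTLMSSP command 1, expected 3
"""

def find_mismatches(lines):
    """Return one dict per mismatch, paired with the header line before it."""
    events, header = [], None
    for line in lines:
        m = MISMATCH.search(line)
        if m:
            stamp = HEADER.match(line) or header
            events.append({
                "minute": f"{stamp.group(1)} {stamp.group(2)}" if stamp else None,
                "source": stamp.group(3) if stamp else None,
                "got": int(m.group(1)),
                "expected": int(m.group(2)),
            })
        # A header only describes the line that immediately follows it.
        header = HEADER.match(line)
    return events

def summarize(events):
    """Count mismatches per (minute, message received, message expected)."""
    name = lambda n: NTLMSSP_TYPES.get(n, f"type {n}")
    return Counter((e["minute"], name(e["got"]), name(e["expected"])) for e in events)

if __name__ == "__main__":
    for (minute, got, expected), n in sorted(summarize(find_mismatches(SAMPLE_LOG.splitlines())).items()):
        print(f"{minute}  got {got}, expected {expected}  x{n}")
```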

This archive was generated by hypermail 2.2.0 : Fri Mar 19 2010 - 12:00:05 MDT